Cross-Site Request Forgery Vulnerability in Relocate Upload by WordPress
CVE-2025-53315

7.1HIGH

Key Information:

Vendor: WordPress
Status: Relocate Upload
Vendor: CVE Published:; 27 June 2025

What is CVE-2025-53315?

The Relocate Upload plugin for WordPress contains a Cross-Site Request Forgery (CSRF) vulnerability that can result in Stored Cross-Site Scripting (XSS) attacks. This vulnerability allows an attacker to perform unauthorized actions on behalf of users, potentially compromising sensitive data and altering user interactions while exploiting the plugin's functionalities. All versions up to and including 0.24.1 are affected, making it crucial for users to take immediate action to mitigate the risks.

Affected Version(s)

Relocate Upload <= 0.24.1

References

https://patchstack.com/database/wordpress/plugin/relocate...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 27, 2025
Vulnerability Reserved
Jun 27, 2025

Credit

Skalucy (Patchstack Alliance)