Cross-Site Request Forgery in Video Blogster Lite by johnh10
CVE-2025-60132

4.3MEDIUM

Key Information:

Vendor: WordPress
Status: Video Blogster Lite
Vendor: CVE Published:; 22 October 2025

What is CVE-2025-60132?

A Cross-Site Request Forgery (CSRF) vulnerability exists in the Video Blogster Lite plugin by johnh10, potentially allowing an attacker to execute unauthorized actions on behalf of authenticated users. This could lead to Stored Cross-Site Scripting (XSS) vulnerabilities, where malicious scripts are injected and stored in the application, compromising user data and site integrity. Users of Video Blogster Lite versions up to and including 1.2 are encouraged to update to the latest version to mitigate this security risk.

Affected Version(s)

Video Blogster Lite <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/vide...

vdb-entry

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 22, 2025
Vulnerability Reserved
Sep 25, 2025

Credit

Nabil Irawan (Patchstack Alliance)

JSON

WordPress

What is CVE-2025-60132?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit