Cross-Site Request Forgery Vulnerability in Linux Promotional Plugin for WordPress
CVE-2025-7668

6.1 MEDIUM

Key Information:

Vendor: WordPress
CVE Published: 16 August 2025

What is CVE-2025-7668?

The Linux Promotional Plugin for WordPress is vulnerable to Cross-Site Request Forgery because nonce validation on the 'linux-promotional-plugin.php' page is missing or incorrect. An unauthenticated attacker can use a forged request to update plugin settings and inject harmful web scripts. The attacker can potentially trick a site administrator into executing the request, which highlights the importance of proper nonce validation in securing WordPress installations.

Affected Version(s)

Linux Promotional Plugin * <= 1.4

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

JohSka