Cross-Site Request Forgery Vulnerability in Like & Share My Site Plugin for WordPress
CVE-2025-7685

6.1MEDIUM

Key Information:

Vendor: WordPress
Status: Like & Share My Site
Vendor: CVE Published:; 22 July 2025

What is CVE-2025-7685?

The Like & Share My Site plugin, utilized within WordPress, is susceptible to Cross-Site Request Forgery (CSRF) attacks due to inadequate nonce validation on the 'lsms_admin' page. This flaw allows unauthenticated attackers to craft forged requests, potentially enabling them to alter settings or inject harmful scripts into the site if they manage to deceive an administrator into clicking a malicious link.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Like & Share My Site * <= 0.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/browser/like-share-my-...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jul 22, 2025
Vulnerability Reserved
Jul 15, 2025

Credit

Johannes Skamletz

JSON

WordPress