Cross-Site Request Forgery Vulnerability in Like & Share My Site Plugin for WordPress
CVE-2025-7685

6.1 MEDIUM

Key Information:

Vendor: WordPress

CVE Published: 22 July 2025

What is CVE-2025-7685?

The Like & Share My Site plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) because of inadequate nonce validation on the 'lsms_admin' page. An unauthenticated attacker can craft a forged request that alters settings or injects harmful scripts into the site, provided they can deceive an administrator into clicking a malicious link.

Affected Version(s)

Like & Share My Site * <= 0.2

CVSS V3.1

Score: 6.1
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Johannes Skamletz