- Description
- The Contact Us By Lord Linus WordPress plugin through 2.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
- Source
- contact@wpscan.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Secondary
- Base score
- 6.1
- Impact score
- 2.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- Severity
- MEDIUM
- nvd@nist.gov
- CWE-352
- Hype score
- Not currently trending
🚨 CVE-2025-1382 ❓ 🏢 Unknown - Contact Us By Lord Linus 🏗️ 0 🔗 https://t.co/fVuoLi9OO4 #CyberCron #VulnAlert #InfoSec https://t.co/2nxL4bZ62u
@cybercronai
10 Mar 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-1382 Stored XSS Vulnerability in Contact Us By Lord Linus WordPress Plugin https://t.co/kGzuX548eR
@VulmonFeeds
9 Mar 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-1382 The Contact Us By Lord Linus WordPress plugin through 2.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow at… https://t.co/5UtwcRTntO
@CVEnew
9 Mar 2025
731 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:lordlinus:contact_us:*:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "E6249A79-8F59-41AD-B5CA-39B4EF57EC8A",
"versionEndIncluding": "2.6"
}
],
"operator": "OR"
}
]
}
]