- Description
- The Limit Bio WordPress plugin through 1.0 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
- Source
- contact@wpscan.com
- NVD status
- Analyzed
CVSS 3.1
- Type
- Secondary
- Base score
- 7.1
- Impact score
- 3.7
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
- Severity
- HIGH
- nvd@nist.gov
- CWE-352
- Hype score
- Not currently trending
CVE-2025-1436 (CVSS:7.1, HIGH) is Awaiting Analysis. The Limit Bio WordPress plugin through 1.0 does not have CSRF check when updating its settings, and is missing sanitisat..https://t.co/wPEWS2x1FC #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
18 Mar 2025
4 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-1436 The Limit Bio WordPress plugin through 1.0 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attac… https://t.co/Iy06rCs2A7
@CVEnew
13 Mar 2025
327 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:rivercitygraphix:limit_bio:1.0:*:*:*:*:wordpress*:*:*",
"vulnerable": true,
"matchCriteriaId": "B0F295A7-B3CF-4045-BDA3-3AA0AE49AA2F"
}
],
"operator": "OR"
}
]
}
]