Platform: wordpress
Component: wp-landing-page
Fixed in: 0.9.4
CVE-2025-13629 describes a Cross-Site Request Forgery (CSRF) vulnerability discovered in the WP Landing Page plugin for WordPress. This flaw allows unauthenticated attackers to manipulate post meta data by crafting malicious requests, potentially leading to unauthorized modifications of website content. The vulnerability affects versions from 0.0.0 up to and including 0.9.3. A fix is expected in a future plugin release.
The primary impact of this CSRF vulnerability lies in the ability of an attacker to modify post meta data without proper authentication. This could involve altering page content, changing settings, or injecting malicious code. A successful attack requires the attacker to trick a site administrator into clicking a specially crafted link or visiting a malicious webpage. The blast radius is limited to the affected WordPress site and its associated data, but the potential for defacement or data manipulation is significant. This vulnerability is similar to other CSRF flaws where user actions are performed without proper authorization.
CVE-2025-13629 was publicly disclosed on 2025-12-06. There is no indication of this vulnerability being actively exploited at this time. The EPSS score is pending evaluation. No public proof-of-concept (PoC) code has been released, but the vulnerability's nature makes it relatively straightforward to exploit given a targeted attack scenario.
WordPress websites running the WP Landing Page plugin are at risk, particularly those whose administrators could be tricked into clicking malicious links while logged in. Shared hosting environments where multiple websites share the same server resources are also potentially exposed, as a compromise of one site could lead to attacks against others.
• wordpress / composer / npm: grep -r 'wplp_api_update_text' /var/www/html/wp-content/plugins/wp-landing-page/
• wordpress / composer / npm: wp plugin list --status=all | grep 'wp-landing-page'
• wordpress / composer / npm: wp plugin update wp-landing-page
Disclosure
Exploit status
EPSS
0.02% (3rd percentile)
CISA SSVC
CVSS vector
The immediate mitigation for CVE-2025-13629 is to upgrade to a patched version of the WP Landing Page plugin as soon as it becomes available. Until then, implement a Web Application Firewall (WAF) with CSRF protection rules to filter out malicious requests. Alternatively, consider using a WordPress security plugin that provides CSRF protection. Carefully review any suspicious URLs or requests before clicking on them, and educate administrators about the risks of CSRF attacks. After applying a WAF rule or upgrading the plugin, verify the mitigation by attempting to trigger the vulnerable endpoint with a forged request and confirming that it is blocked or fails.
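The CSRF-safe shape of a post-meta update handler in a WordPress plugin, shown here as an added example that is not the WP Landing Page plugin's own code; the action, nonce, script-handle and meta-key names (wplp_demo_*) are hypothetical.

```php
<?php
/*
 * Constructed example of a WordPress admin-ajax handler that updates post meta
 * without being forgeable from a third-party page. Not the plugin's real code.
 */

// Hand the per-action nonce to the plugin's own admin script so that only
// requests originating from the admin UI carry a valid token.
// Assumes a registered script handle 'wplp-demo-admin' (hypothetical).
add_action( 'admin_enqueue_scripts', function () {
    wp_localize_script( 'wplp-demo-admin', 'wplpDemo', array(
        'ajaxUrl' => admin_url( 'admin-ajax.php' ),
        'nonce'   => wp_create_nonce( 'wplp_demo_update_text' ),
    ) );
} );

// Registered on wp_ajax_ only (no wp_ajax_nopriv_), so anonymous requests are
// never routed here. The nonce defeats forged requests riding on an admin's
// session, and the capability check limits writes to posts the caller may edit.
add_action( 'wp_ajax_wplp_demo_update_text', function () {
    // Ends the request with HTTP 403 when the nonce is absent, stale or forged.
    check_ajax_referer( 'wplp_demo_update_text', 'nonce' );

    $post_id = isset( $_POST['post_id'] ) ? absint( $_POST['post_id'] ) : 0;
    if ( ! $post_id || ! current_user_can( 'edit_post', $post_id ) ) {
        wp_send_json_error( 'insufficient permissions', 403 );
    }

    // Allow-list the writable meta keys and sanitize the value, so the handler
    // cannot be turned into a generic "write any meta key" primitive.
    $allowed = array( 'wplp_demo_headline', 'wplp_demo_subtitle' );
    $key     = isset( $_POST['key'] ) ? sanitize_key( $_POST['key'] ) : '';
    $value   = isset( $_POST['value'] )
        ? sanitize_text_field( wp_unslash( $_POST['value'] ) )
        : '';
    if ( ! in_array( $key, $allowed, true ) ) {
        wp_send_json_error( 'unknown meta key', 400 );
    }

    update_post_meta( $post_id, $key, $value );
    wp_send_json_success( array( 'post_id' => $post_id, 'key' => $key ) );
} );
```

The three controls are independent: a handler that does any one of them alone (for example, checking the nonce but not `current_user_can`) still lets a low-privileged account edit posts it does not own.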
No known patch is available. Please review the details of the vulnerability thoroughly and apply mitigations based on your organization's risk appetite. It may be best to uninstall the affected software and find a replacement.
CVE-2025-13629 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the WP Landing Page plugin for WordPress versions 0.0.0–0.9.3, allowing attackers to modify post meta data via forged requests.
If you are using WP Landing Page plugin versions 0.0.0 through 0.9.3, you are potentially affected by this vulnerability. Upgrade as soon as a patch is available.
The recommended fix is to upgrade to a patched version of the WP Landing Page plugin. Until then, implement a WAF with CSRF protection or use a WordPress security plugin.
There is currently no public evidence of CVE-2025-13629 being actively exploited, but the vulnerability's nature makes it a potential target.
Please refer to the WP Landing Page plugin's official website or WordPress plugin repository for updates and advisories regarding CVE-2025-13629.