Platform
wordpress
Component
social-profilr-display-social-network-profile
Fixed in
1.0.1
A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Social Profilr WordPress plugin. This flaw allows an attacker to potentially trigger Stored XSS attacks, leading to unauthorized actions and potential data compromise. The vulnerability affects versions from 0.0.0 up to and including 1.0. Apply the recommended mitigation steps or upgrade to a patched version as soon as possible.
The CSRF vulnerability in Social Profilr allows an attacker to craft malicious requests that appear to originate from a legitimate user. Successful exploitation can lead to the attacker executing arbitrary JavaScript code within the context of the user's browser, resulting in Stored XSS. This can be used to steal user credentials, deface the website, redirect users to malicious sites, or even gain control of the WordPress installation. The combination of CSRF and Stored XSS significantly amplifies the potential impact, as the attacker can persist malicious code on the site, affecting multiple users over time.
The vulnerability was publicly disclosed on 2025-12-31. Currently, there are no known public exploits or active campaigns targeting this specific vulnerability. The presence of Stored XSS alongside CSRF increases the potential for exploitation and warrants immediate attention. Monitor security advisories and threat intelligence feeds for any updates.
Websites utilizing the Social Profilr WordPress plugin, particularly those with user accounts and social network integration, are at risk. Shared hosting environments where multiple websites share the same server resources are also at increased risk, as a compromise of one website could potentially impact others.
• wordpress / plugin:
grep -r 'socialprofilr_display_social_network_profile' /var/www/html/wp-content/plugins/
• wordpress / plugin:
wp plugin list --status=inactive | grep socialprofilr
• wordpress / plugin:
wp plugin list | grep socialprofilr
Disclosure
Exploit status
EPSS
0.02% (5th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-49343 is to upgrade to a patched version of the Social Profilr plugin. If upgrading immediately is not feasible due to compatibility concerns or breaking changes, consider implementing a Web Application Firewall (WAF) rule to filter out suspicious requests containing CSRF tokens. Additionally, ensure that all user input is properly validated and sanitized to prevent the storage of malicious scripts. Review and update any existing CSRF protection mechanisms within your WordPress theme or other plugins.
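The advisory describes a settings request that is accepted without proof of intent and whose value is later rendered, which is the CSRF-to-stored-XSS shape. The following is an added illustration, not the Social Profilr plugin's code: a WordPress admin-post handler in the unprotected shape next to its hardened form. The option name, field names, action name and capability are hypothetical.

```php
<?php
// Added example (not the Social Profilr plugin's code). Option, field and
// action names are hypothetical.

// Unprotected shape, shown for contrast and deliberately not hooked: any POST
// that reaches admin-post.php from a logged-in admin's browser is trusted, and
// the raw value is stored and later echoed, so a forged cross-site request can
// persist a script tag (CSRF leading to stored XSS).
function example_save_profile_unprotected() {
    update_option( 'example_profile_url', $_POST['profile_url'] );
    wp_redirect( admin_url( 'options-general.php?page=example' ) );
    exit;
}

// Hardened shape: capability check, nonce check, input sanitization.
function example_save_profile_hardened() {
    // Only users who may manage options can save the setting.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions', 403 );
    }
    // CSRF check: the nonce is emitted by wp_nonce_field() in the plugin's own
    // form (below); a request forged from another origin cannot supply it.
    check_admin_referer( 'example_save_profile', 'example_nonce' );

    // Keep only a well-formed URL; markup and script payloads are dropped.
    $url = isset( $_POST['profile_url'] )
        ? esc_url_raw( wp_unslash( $_POST['profile_url'] ) )
        : '';
    update_option( 'example_profile_url', $url );

    wp_safe_redirect( admin_url( 'options-general.php?page=example' ) );
    exit;
}
add_action( 'admin_post_example_save_profile', 'example_save_profile_hardened' );

// Escape at render time as well, whatever was stored earlier.
function example_render_profile_link() {
    $url = get_option( 'example_profile_url', '' );
    if ( '' !== $url ) {
        printf( '<a href="%s">%s</a>', esc_url( $url ), esc_html( $url ) );
    }
}

// The settings form that carries the nonce the hardened handler verifies.
function example_settings_form() {
    echo '<form method="post" action="' . esc_url( admin_url( 'admin-post.php' ) ) . '">';
    echo '<input type="hidden" name="action" value="example_save_profile">';
    wp_nonce_field( 'example_save_profile', 'example_nonce' );
    echo '<input type="url" name="profile_url" value="'
        . esc_attr( get_option( 'example_profile_url', '' ) ) . '">';
    submit_button( 'Save' );
    echo '</form>';
}
```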
No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
CVE-2025-49343 is a Cross-Site Request Forgery (CSRF) vulnerability in the Social Profilr WordPress plugin, allowing attackers to perform actions as authenticated users and potentially execute Stored XSS.
You are affected if your WordPress site uses the Social Profilr plugin and is running version 0.0.0 through 1.0. Immediate mitigation is recommended.
Upgrade to a patched version of the Social Profilr plugin as soon as it becomes available. Until then, implement input validation and consider using a WAF.
There is currently no confirmed active exploitation of CVE-2025-49343, but the HIGH severity score indicates a potential risk.
Refer to the Social Profilr plugin's official website or WordPress plugin repository for updates and advisories regarding CVE-2025-49343.