Platform: wordpress
Component: foxtool
Fixed in: 2.5.4
CVE-2025-13408 describes a Cross-Site Request Forgery (CSRF) vulnerability present in the Foxtool All-in-One WordPress plugin, specifically within the Contact chat button, Custom login, and Media optimize images components. This flaw allows unauthenticated attackers to potentially establish OAuth connections by manipulating user actions. The vulnerability impacts versions 1.0.0 through 2.5.2, and a fix is available in version 2.5.3.
The primary impact of this CSRF vulnerability lies in the potential for unauthorized OAuth connection establishment. An attacker could craft a malicious link or embed it within a website or email, enticing a site administrator to click it. Upon clicking, the attacker could forge a request, effectively granting them access to the administrator's account and potentially compromising sensitive data or performing actions on behalf of the administrator. This could lead to unauthorized access to user information, modification of site content, or even complete control over the WordPress site, depending on the permissions associated with the administrator's account. The risk is amplified if the OAuth connection is linked to other services or APIs, potentially extending the attacker's reach beyond the WordPress site itself.
This CVE was published on December 12, 2025. There is currently no public proof-of-concept available, and it has not been added to the CISA KEV catalog. The CVSS score of 4.3 indicates a medium probability of exploitation, suggesting that while the vulnerability exists, it may require some level of technical expertise to exploit effectively. Active campaigns targeting this specific vulnerability are not currently known.
WordPress sites utilizing the Foxtool All-in-One plugin, particularly those with site administrators who frequently interact with OAuth-connected services, are at risk. Shared hosting environments where multiple WordPress sites share the same server resources are also potentially vulnerable, as a compromise of one site could lead to the exploitation of others.
• wordpress / composer / npm: `grep -r 'foxtool_login_google()' /var/www/html/wp-content/plugins/foxtool-all-in-one/`
• wordpress / composer / npm: `wp plugin list | grep foxtool-all-in-one`
• wordpress / composer / npm: `wp plugin update foxtool-all-in-one`
Disclosure
Exploit status
EPSS: 0.02% (percentile 4%)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-13408 is to immediately upgrade the Foxtool All-in-One plugin to version 2.5.3 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider implementing stricter input validation and output encoding practices within the plugin's code to prevent the exploitation of the missing nonce validation. Additionally, deploy a Web Application Firewall (WAF) with CSRF protection rules to filter out malicious requests. Educate administrators about the risks of clicking on suspicious links and encourage them to verify the authenticity of any request before performing actions. After upgrading, confirm the fix by attempting to trigger the vulnerable function (`foxtool_login_google()`) with a forged request and verifying that the action is blocked.
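The root cause named above is a state-changing handler that never checks a WordPress nonce, so a cross-site request carrying the administrator's cookies is accepted as if the administrator had clicked the button. The following is an added illustration, not code from the Foxtool All-in-One plugin: it shows a hypothetical admin-ajax handler in the vulnerable shape next to the hardened shape. Every function, action and option name (`example_oauth_connect_*`, `example_oauth_token`) is an assumption; only the WordPress core calls (`check_ajax_referer`, `wp_create_nonce`, `current_user_can`, `update_option`) are real APIs.

```php
<?php
/*
 * Added example (not the plugin's own code). Handler, action and option
 * names are hypothetical; WordPress core functions are real.
 */

// VULNERABLE SHAPE: capability is checked, but nothing proves the request
// was initiated by the administrator. Any page the admin visits can POST
// to admin-ajax.php with the admin's session cookies and reach update_option().
function example_oauth_connect_vulnerable() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    // No nonce check here: this is the missing-nonce defect the advisory describes.
    $token = sanitize_text_field( wp_unslash( $_POST['token'] ?? '' ) );
    update_option( 'example_oauth_token', $token );
    wp_send_json_success();
}

// HARDENED SHAPE: a nonce bound to this user and this action must accompany
// the request. check_ajax_referer() terminates the request with HTTP 403 and
// body "-1" when the nonce is missing, expired or issued for another action.
function example_oauth_connect_hardened() {
    check_ajax_referer( 'example_oauth_connect', '_wpnonce' );

    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    $token = sanitize_text_field( wp_unslash( $_POST['token'] ?? '' ) );
    if ( '' === $token ) {
        wp_send_json_error( 'missing token', 400 );
    }

    update_option( 'example_oauth_token', $token );
    wp_send_json_success();
}
// Only the hardened handler is registered for the AJAX action.
add_action( 'wp_ajax_example_oauth_connect', 'example_oauth_connect_hardened' );

// The settings screen must issue the matching nonce to the legitimate UI;
// a third-party page cannot obtain it, so its forged POST fails the check.
function example_render_connect_button() {
    printf(
        '<button id="example-connect" data-action="example_oauth_connect" data-nonce="%s">Connect</button>',
        esc_attr( wp_create_nonce( 'example_oauth_connect' ) )
    );
}
```

The nonce is what separates the two handlers: `current_user_can()` alone answers "is this user allowed?", which a CSRF request passes because it rides the victim's session, while `check_ajax_referer()` answers "did this user's own page send it?". This is also the observable difference to look for when verifying the fix described above: a request to the connect action that omits `_wpnonce` should be rejected with a 403 rather than reaching the option update.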
Update to version 2.5.3, or a more recent fixed version
CVE-2025-13408 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the Foxtool All-in-One WordPress plugin, allowing attackers to forge OAuth connections.
You are affected if you are using Foxtool All-in-One WordPress plugin versions 1.0.0 through 2.5.2.
Upgrade the Foxtool All-in-One plugin to version 2.5.3 or later to resolve the vulnerability.
There are currently no reports of active exploitation, but the vulnerability has a medium probability of exploitation.
Refer to the official Foxtool All-in-One plugin website or WordPress plugin repository for the latest advisory and updates.