Platform
wordpress
Component
wp-flashy-marketing-automation
Fixed in
2.0.9
CVE-2025-62873 describes a Cross-Site Request Forgery (CSRF) vulnerability found in the WP Flashy Marketing Automation plugin. This vulnerability allows an attacker to trick authenticated users into performing actions they did not intend, potentially leading to unauthorized modifications or deletions of marketing automation configurations. The vulnerability affects versions from 0.0.0 through 2.0.8, and a patch is available in version 2.0.9.
A successful CSRF attack could allow an attacker to modify marketing automation workflows, add or remove subscribers, or even delete entire campaigns without the user's knowledge or consent. This could result in significant disruption to marketing efforts, data breaches if sensitive information is exposed, and reputational damage. The attacker needs to craft a malicious request and trick the user into clicking a link or visiting a compromised page while logged into the WordPress site with the Flashyapp plugin installed. The impact is amplified if the plugin is used for critical marketing processes or handles sensitive user data.
This vulnerability was publicly disclosed on 2025-12-09. No public proof-of-concept (POC) code has been identified at the time of writing. The vulnerability's CVSS score of 4.3 (Medium) indicates a moderate risk of exploitation. It is not currently listed on the CISA KEV catalog.
Websites using the WP Flashy Marketing Automation plugin, particularly those with automated marketing campaigns or handling sensitive subscriber data, are at risk. Shared hosting environments where plugin updates are managed by the hosting provider may be particularly vulnerable if they haven't applied the update.
• wordpress / composer / npm:
grep -r 'flashyapp/wp-flashy-marketing-automation' /var/www/html/
wp plugin list | grep 'wp-flashy-marketing-automation'
• generic web:
curl -s https://your-wordpress-site.com/wp-content/plugins/wp-flashy-marketing-automation/readme.txt | grep -i 'stable tag'
disclosure
Exploit status
EPSS
0.02% (5th percentile)
CISA SSVC
CVSS vector
The primary mitigation is to upgrade the WP Flashy Marketing Automation plugin to version 2.0.9 or later. If upgrading is not immediately feasible, consider implementing a Content Security Policy (CSP) to restrict the sources from which the plugin can load resources. Additionally, implement strict user authentication and authorization controls to minimize the potential impact of a successful CSRF attack. Review user roles and permissions to ensure users only have the necessary access. Consider using a WordPress security plugin with CSRF protection features.
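The detection commands above only confirm that the plugin is present; deciding whether an installed copy still falls in the affected range (anything below 2.0.9) requires reading its version. The following POSIX shell script is an added example, not part of this advisory or of the plugin's own tooling: it reads the `Version:` header that WordPress plugin main files carry, compares it against the fixed version stated on this page without relying on GNU `sort -V`, and reports whether the copy needs the upgrade. The plugin path under `wp-content/plugins` and the main file name `plugin.php` used in `demo` are assumptions, and the demo builds a constructed sample file in a temporary directory rather than touching a real site.

```shell
#!/bin/sh
# Added example (not from the advisory or the plugin): decide whether an
# installed wp-flashy-marketing-automation copy is below the fixed version.
# Assumption: the plugin's main PHP file carries a standard WordPress
# "Version:" header line; the paths used in demo() are constructed.

FIXED_VERSION="2.0.9"   # fixed-in version stated by the advisory

# version_lt A B: succeed (exit 0) when dotted version A is strictly older
# than B. Pure POSIX sh; a non-numeric suffix such as "-beta" is ignored
# for the component it is attached to.
version_lt() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ai="${a%%.*}"; ai="${ai%%[!0-9]*}"; ai="${ai:-0}"
        bi="${b%%.*}"; bi="${bi%%[!0-9]*}"; bi="${bi:-0}"
        if [ "$ai" -lt "$bi" ]; then
            return 0
        elif [ "$ai" -gt "$bi" ]; then
            return 1
        fi
        case "$a" in *.*) a="${a#*.}";; *) a="";; esac
        case "$b" in *.*) b="${b#*.}";; *) b="";; esac
    done
    return 1   # equal versions are not "less than"
}

# is_vulnerable VERSION: succeed when VERSION is in the affected range
# (everything before 2.0.9, per the advisory).
is_vulnerable() { version_lt "$1" "$FIXED_VERSION"; }

# plugin_version_from_header FILE: print the value of the "Version:" header
# line (with or without the leading " * " of a PHP doc comment).
plugin_version_from_header() {
    sed -n 's/^[[:space:]]*[*]*[[:space:]]*Version:[[:space:]]*\([0-9][0-9.]*\).*$/\1/p' "$1" | head -n 1
}

# check_plugin_dir DIR: scan the top-level PHP files of a plugin directory
# for a Version header. Exit 0 = vulnerable, 1 = patched, 2 = not
# installed or no header found.
check_plugin_dir() {
    dir="$1"
    if [ ! -d "$dir" ]; then
        echo "not installed: $dir"; return 2
    fi
    for f in "$dir"/*.php; do
        [ -f "$f" ] || continue
        v=$(plugin_version_from_header "$f")
        [ -n "$v" ] || continue
        if is_vulnerable "$v"; then
            echo "VULNERABLE: $dir is version $v (< $FIXED_VERSION), upgrade required"; return 0
        fi
        echo "patched: $dir is version $v"; return 1
    done
    echo "no Version header found under $dir"; return 2
}

# demo: build a constructed plugin directory in a temp dir (not a real
# site) and check it. The layout and file name are assumptions.
demo() {
    tmp=$(mktemp -d) || return 2
    pdir="$tmp/wp-content/plugins/wp-flashy-marketing-automation"
    mkdir -p "$pdir"
    # constructed sample header on an affected version
    printf '<?php\n/*\n * Plugin Name: WP Flashy Marketing Automation\n * Version: 2.0.8\n */\n' > "$pdir/plugin.php"
    if check_plugin_dir "$pdir"; then rc=0; else rc=$?; fi
    rm -rf "$tmp"
    return $rc
}

demo
```

On a real host, replace `demo` with `check_plugin_dir /var/www/html/wp-content/plugins/wp-flashy-marketing-automation` (adjust the document root) and act on the exit status: 0 means the copy is still in the affected range and the 2.0.9 upgrade applies. The comparison is done component by component so that 2.0.10 sorts after 2.0.9, which a plain string compare would get wrong.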
Update to version 2.0.9, or a newer patched version
CVE-2025-62873 is a Cross-Site Request Forgery (CSRF) vulnerability in the WP Flashy Marketing Automation plugin, allowing attackers to perform unauthorized actions.
You are affected if you are using WP Flashy Marketing Automation versions 0.0.0 through 2.0.8. Upgrade to 2.0.9 or later to mitigate the risk.
Upgrade the WP Flashy Marketing Automation plugin to version 2.0.9 or later. Consider implementing a Content Security Policy (CSP) as an interim measure.
There is no confirmed active exploitation of CVE-2025-62873 at this time, but the vulnerability is publicly known.
Refer to the plugin developer's website or WordPress plugin repository for the official advisory and update information.