Severity
High
Analysis Summary
CVE-2025-49425 CVSS:7.1
Cross-Site Request Forgery (CSRF) vulnerability in Adrian Hanft Konami Easter Egg allows Stored XSS. This issue affects Konami Easter Egg: from n/a through v0.4.
CVE-2025-49421 CVSS:7.6
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Andrei Filonov WP Text Expander allows SQL Injection. This issue affects WP Text Expander: from n/a through 1.0.1.
Impact
- Gain Access
- Data Manipulation
Indicators of Compromise
CVE
CVE-2025-49425
CVE-2025-49421
Affected Vendors
- WordPress
Affected Products
- Adrian Hanft Konami Easter Egg - n/a
- Andrei Filonov WP Text Expander - n/a
Remediation
Update the WordPress plugin to the latest available version.