June 30, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
SideWinder APT Group aka Rattlesnake – Active IOCs
February 10, 2025Multiple IBM Products Vulnerabilities
February 10, 2025SideWinder APT Group aka Rattlesnake – Active IOCs
February 10, 2025Multiple IBM Products Vulnerabilities
February 10, 2025
Severity
High
Analysis Summary
CVE-2025-25101 CVSS:9.6
Cross-Site Request Forgery (CSRF) vulnerability in MetricThemes Munk Sites allows Cross Site Request Forgery. This issue affects Munk Sites: from n/a through 1.0.7.
CVE-2025-25106 CVSS:9.6
Cross-Site Request Forgery (CSRF) vulnerability in FancyWP Starter Templates by FancyWP allows Cross Site Request Forgery. This issue affects Starter Templates by FancyWP: from n/a through 2.0.0.
CVE-2025-25107 CVSS:9.6
Cross-Site Request Forgery (CSRF) vulnerability in sainwp OneStore Sites allows Cross Site Request Forgery. This issue affects OneStore Sites: from n/a through 0.1.1.
CVE-2025-25088 CVSS:7.1
Cross-Site Request Forgery (CSRF) vulnerability in blackus3r WP Keyword Monitor allows Stored XSS. This issue affects WP Keyword Monitor: from n/a through 1.0.5.
CVE-2025-25104 CVSS:7.1
Cross-Site Request Forgery (CSRF) vulnerability in mraliende URL-Preview-Box allows Cross Site Request Forgery. This issue affects URL-Preview-Box: from n/a through 1.20.
CVE-2025-25071 CVSS:7.1
Cross-Site Request Forgery (CSRF) vulnerability in topplugins Vignette Ads allows Stored XSS. This issue affects Vignette Ads: from n/a through 0.2.
CVE-2025-25075 CVSS:7.1
Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Show notice or message on admin area allows Stored XSS. This issue affects Show notice or message on admin area: from n/a through 2.0.
CVE-2025-25074 CVSS:7.1
Cross-Site Request Forgery (CSRF) vulnerability in Nirmal Kumar Ram WP Social Stream allows Stored XSS. This issue affects WP Social Stream: from n/a through 1.1.
CVE-2025-25072 CVSS:7.1
Cross-Site Request Forgery (CSRF) vulnerability in thunderbax WP Admin Custom Page allows Stored XSS. This issue affects WP Admin Custom Page: from n/a through 1.5.0.
Impact
- Cross-Site Scripting
- Gain Access
Indicators of Compromise
CVE
CVE-2025-25101
CVE-2025-25106
CVE-2025-25107
CVE-2025-25088
CVE-2025-25104
CVE-2025-25071
CVE-2025-25075
CVE-2025-25074
CVE-2025-25072
Affected Vendors
- WordPress
Affected Products
- MetricThemes Munk Sites - n/a
- FancyWP Starter Templates by FancyWP - n/a
- sainwp OneStore Sites - n/a
- blackus3r WP Keyword Monitor - n/a
- mraliende URL-Preview-Box - n/a
- topplugins Vignette Ads - n/a
- Venugopal Show notice or message on admin area - n/a
- Nirmal Kumar Ram WP Social Stream - n/a
- thunderbax WP Admin Custom Page - n/a
Remediation
Update the WordPress plugin to the latest available version.