CVE-2025-7685: CWE-352 Cross-Site Request Forgery (CSRF) in sflack Like & Share My Site
The Like & Share My Site plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the 'lsms_admin' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
AI Analysis
Technical Summary
CVE-2025-7685 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the 'Like & Share My Site' WordPress plugin developed by sflack. This vulnerability exists in all versions up to and including 0.2 due to missing or incorrect nonce validation on the 'lsms_admin' page. Nonces in WordPress are security tokens used to verify that requests are intentional and originate from authenticated users. The absence or improper implementation of nonce validation allows an unauthenticated attacker to craft malicious requests that, when executed by an authenticated site administrator (for example, by clicking a link), can update plugin settings and inject malicious web scripts. This can lead to unauthorized changes in the plugin configuration and potential cross-site scripting (XSS) attacks, compromising the integrity and confidentiality of the affected site. The vulnerability is exploitable remotely without authentication but requires user interaction (the administrator must be tricked into clicking a malicious link). The CVSS v3.1 base score is 6.1 (medium severity), reflecting network attack vector, low attack complexity, no privileges required, but user interaction needed, and impacts on confidentiality and integrity with no availability impact. No known exploits are currently reported in the wild, and no patches have been released at the time of this report. The vulnerability falls under CWE-352, which is a common web application security weakness related to CSRF attacks. Given the plugin's role in social sharing functionality, exploitation could allow attackers to manipulate site behavior and potentially deliver further malicious payloads through injected scripts.
Potential Impact
For European organizations using the 'Like & Share My Site' WordPress plugin, this vulnerability poses a risk of unauthorized configuration changes and potential injection of malicious scripts. This could lead to compromised site integrity, leakage of sensitive information, and erosion of user trust. Organizations in sectors with strict data protection regulations, such as finance, healthcare, and e-commerce, may face compliance risks if attackers exploit this vulnerability to exfiltrate data or deface websites. Additionally, malicious script injection could facilitate phishing or malware distribution campaigns targeting European users. Since the attack requires tricking an administrator, organizations with less stringent administrative access controls or lacking user security awareness training are at higher risk. The vulnerability could also be leveraged as a foothold for further attacks within the organization's network. Given the widespread use of WordPress in Europe, the potential impact is significant, especially for small and medium enterprises that may rely on this plugin for social media integration without robust security measures.
Mitigation Recommendations
1. Immediate mitigation involves disabling or uninstalling the 'Like & Share My Site' plugin until a security patch is released by the vendor. 2. Implement strict administrative access controls, including limiting plugin management privileges to trusted personnel only. 3. Educate site administrators about the risks of clicking on unsolicited or suspicious links, especially those received via email or messaging platforms. 4. Employ web application firewalls (WAFs) with rules to detect and block CSRF attack patterns targeting WordPress admin pages. 5. Monitor administrative actions and plugin configuration changes for unusual activity to enable rapid detection of exploitation attempts. 6. Once available, promptly apply vendor patches or updates that address nonce validation and CSRF protections. 7. Consider deploying Content Security Policy (CSP) headers to mitigate the impact of injected scripts. 8. Regularly audit all installed plugins for security vulnerabilities and remove unused or unsupported plugins to reduce the attack surface.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Sweden
CVE-2025-7685: CWE-352 Cross-Site Request Forgery (CSRF) in sflack Like & Share My Site
Description
The Like & Share My Site plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the 'lsms_admin' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
AI-Powered Analysis
Technical Analysis
CVE-2025-7685 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the 'Like & Share My Site' WordPress plugin developed by sflack. This vulnerability exists in all versions up to and including 0.2 due to missing or incorrect nonce validation on the 'lsms_admin' page. Nonces in WordPress are security tokens used to verify that requests are intentional and originate from authenticated users. The absence or improper implementation of nonce validation allows an unauthenticated attacker to craft malicious requests that, when executed by an authenticated site administrator (for example, by clicking a link), can update plugin settings and inject malicious web scripts. This can lead to unauthorized changes in the plugin configuration and potential cross-site scripting (XSS) attacks, compromising the integrity and confidentiality of the affected site. The vulnerability is exploitable remotely without authentication but requires user interaction (the administrator must be tricked into clicking a malicious link). The CVSS v3.1 base score is 6.1 (medium severity), reflecting network attack vector, low attack complexity, no privileges required, but user interaction needed, and impacts on confidentiality and integrity with no availability impact. No known exploits are currently reported in the wild, and no patches have been released at the time of this report. The vulnerability falls under CWE-352, which is a common web application security weakness related to CSRF attacks. Given the plugin's role in social sharing functionality, exploitation could allow attackers to manipulate site behavior and potentially deliver further malicious payloads through injected scripts.
Potential Impact
For European organizations using the 'Like & Share My Site' WordPress plugin, this vulnerability poses a risk of unauthorized configuration changes and potential injection of malicious scripts. This could lead to compromised site integrity, leakage of sensitive information, and erosion of user trust. Organizations in sectors with strict data protection regulations, such as finance, healthcare, and e-commerce, may face compliance risks if attackers exploit this vulnerability to exfiltrate data or deface websites. Additionally, malicious script injection could facilitate phishing or malware distribution campaigns targeting European users. Since the attack requires tricking an administrator, organizations with less stringent administrative access controls or lacking user security awareness training are at higher risk. The vulnerability could also be leveraged as a foothold for further attacks within the organization's network. Given the widespread use of WordPress in Europe, the potential impact is significant, especially for small and medium enterprises that may rely on this plugin for social media integration without robust security measures.
Mitigation Recommendations
1. Immediate mitigation involves disabling or uninstalling the 'Like & Share My Site' plugin until a security patch is released by the vendor. 2. Implement strict administrative access controls, including limiting plugin management privileges to trusted personnel only. 3. Educate site administrators about the risks of clicking on unsolicited or suspicious links, especially those received via email or messaging platforms. 4. Employ web application firewalls (WAFs) with rules to detect and block CSRF attack patterns targeting WordPress admin pages. 5. Monitor administrative actions and plugin configuration changes for unusual activity to enable rapid detection of exploitation attempts. 6. Once available, promptly apply vendor patches or updates that address nonce validation and CSRF protections. 7. Consider deploying Content Security Policy (CSP) headers to mitigate the impact of injected scripts. 8. Regularly audit all installed plugins for security vulnerabilities and remove unused or unsupported plugins to reduce the attack surface.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Wordfence
- Date Reserved
- 2025-07-15T18:51:34.532Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 687f5a59a83201eaac1a3a7f
Added to database: 7/22/2025, 9:31:05 AM
Last enriched: 7/22/2025, 9:47:17 AM
Last updated: 8/14/2025, 10:41:18 AM
Views: 393
Related Threats
CVE-2025-43490: CWE-59 Improper Link Resolution Before File Access ('Link Following') in HP, Inc. HP Hotkey Support Software
MediumCVE-2025-9060: CWE-20 Improper Input Validation in MSoft MFlash
CriticalCVE-2025-8675: CWE-918 Server-Side Request Forgery (SSRF) in Drupal AI SEO Link Advisor
MediumCVE-2025-8362: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in Drupal GoogleTag Manager
MediumCVE-2025-8361: CWE-962 Missing Authorization in Drupal Config Pages
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.