Cyber Posture

CVE-2025-22343

High

Published: 07 January 2025

Modified: 23 April 2026
KEV Added
Patch
CVSS Score: 7.1 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L)
EPSS Score: 0.0013 (32.0th percentile)
Risk Priority: 14 (60% EPSS · 20% KEV · 20% CVSS)

Description

Cross-Site Request Forgery (CSRF) vulnerability in koter84 wpSOL wpsol allows Stored XSS. This issue affects wpSOL: from n/a through <= 1.2.0.

Security Summary

CVE-2025-22343 is a Cross-Site Request Forgery (CSRF) vulnerability in the wpSOL WordPress plugin by koter84 that allows Stored XSS. It affects wpSOL versions up to and including 1.2.0, is classified as CWE-352, and has a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L).

The vulnerability is exploitable remotely by an unauthenticated attacker with low complexity, but it requires user interaction, such as an authenticated user visiting a malicious webpage. The CSRF tricks that authenticated user into submitting a request that stores an XSS payload on the site; the payload then executes in the browsers of subsequent visitors, including administrators. The CVSS vector reflects this as a changed scope with low impact to confidentiality, integrity, and availability.

The Patchstack advisory (https://patchstack.com/database/Wordpress/Plugin/wpsol/vulnerability/wordpress-wpsol-plugin-1-2-0-csrf-to-stored-xss-vulnerability?_s_id=cve) details the vulnerability in the wpSOL plugin up to version 1.2.0.

Details

CWE(s)
CWE-352

References