CVE-2025-22571

CVE-2025-22571 is a Cross-Site Request Forgery (CSRF) vulnerability, mapped to CWE-352, in the Instabot WordPress plugin. It affects all versions from n/a through 1.10 inclusive. The issue enables CSRF attacks, carrying a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L), indicating network accessibility, low attack complexity, no privileges required, required user interaction, changed scope, and low impacts across confidentiality, integrity, and availability.

An unauthenticated attacker can exploit this over the network by tricking a victim—typically an authenticated user such as an administrator—into performing unintended actions via a malicious webpage or link. Exploitation requires user interaction but can lead to consequences like stored cross-site scripting (XSS), as indicated in related advisories, allowing limited disruption or data exposure with broader scope due to the plugin's context.

The Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/instabot/vulnerability/wordpress-instabot-plugin-1-10-csrf-to-stored-xss-vulnerability?_s_id=cve provides details on this CSRF-to-stored-XSS issue in the WordPress Instabot plugin version 1.10, including recommended mitigations such as updating to a patched version where available or implementing CSRF protections.