CVE-2025-48146
Cross-Site Request Forgery (CSRF) vulnerability with Stored XSS effect in Michael Lups SEO Flow by LupsOnline
Overview
This is a Cross-Site Request Forgery (CSRF) vulnerability in the SEO Flow by LupsOnline plugin created by Michael Lups. Its effect is Stored Cross-Site Scripting (XSS). It affects SEO Flow by LupsOnline versions up to 2.2.0.
Technical Details
Successful exploitation allows an attacker to trick an authenticated user into executing an unwanted function, potentially leading to arbitrary code execution. The attacker can leverage this vulnerability to execute scripts in the victim's browser, which can lead to malicious actions.
CVSS Metrics
- attackVector: NETWORK
- attackComplexity: LOW
- privilegesRequired: NONE
- userInteraction: REQUIRED
- scope: CHANGED
- confidentialityImpact: LOW
- integrityImpact: LOW
- availabilityImpact: LOW
Impact
This vulnerability can lead to unauthorized actions performed by the authenticated user, potentially compromising the system.
Recommendations
To protect against this vulnerability, update your SEO Flow by LupsOnline software to the latest available version. Validate input received from all sources to prevent any malicious actions.
Threat Metrics
- cvss_score: 7.1
- severity: HIGH
- attack_vector: NETWORK
- attack_complexity: LOW