{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-13408", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-11-19T14:19:13.288Z", "datePublished": "2025-12-12T03:20:43.702Z", "dateUpdated": "2026-04-08T16:48:26.123Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:48:26.123Z"}, "affected": [{"vendor": "foxtheme", "product": "Foxtool All-in-One: Contact chat button, Custom login, Media optimize images", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.5.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Foxtool All-in-One: Contact chat button, Custom login, Media optimize images plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on the foxtool_login_google() function. This makes it possible for unauthenticated attackers to establish an OAuth Connection via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "title": "Foxtool All-in-One: Contact chat button, Custom login, Media optimize images <= 2.5.2 - Cross-Site Request Forgery to Google OAuth Connection", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/40886b66-f6a2-404c-9d0d-5fc3da6a896c?source=cve"}, {"url": "https://plugins.svn.wordpress.org/foxtool/tags/2.5.2/inc/goo.php"}, {"url": "https://wordpress.org/plugins/foxtool/"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3416529%40foxtool&new=3416529%40foxtool&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "cweId": "CWE-352", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "D01EXPLOIT OFFICIAL"}], "timeline": [{"time": "2025-12-11T14:26:52.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-15T18:06:56.293439Z", "id": "CVE-2025-13408", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-15T18:16:10.637Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-13408", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-15T18:06:56.293439Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-15T18:06:59.692Z"}}], "cna": {"title": "Foxtool All-in-One: Contact chat button, Custom login, Media optimize images <= 2.5.2 - Cross-Site Request Forgery to Google OAuth Connection", "credits": [{"lang": "en", "type": "finder", "value": "D01EXPLOIT OFFICIAL"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "foxtheme", "product": "Foxtool All-in-One: Contact chat button, Custom login, Media optimize images", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "2.5.2"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-12-11T14:26:52.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/40886b66-f6a2-404c-9d0d-5fc3da6a896c?source=cve"}, {"url": "https://plugins.svn.wordpress.org/foxtool/tags/2.5.2/inc/goo.php"}, {"url": "https://wordpress.org/plugins/foxtool/"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3416529%40foxtool&new=3416529%40foxtool&sfp_email=&sfph_mail="}], "descriptions": [{"lang": "en", "value": "The Foxtool All-in-One: Contact chat button, Custom login, Media optimize images plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on the foxtool_login_google() function. This makes it possible for unauthenticated attackers to establish an OAuth Connection via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:48:26.123Z"}}}, "cveMetadata": {"cveId": "CVE-2025-13408", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:48:26.123Z", "dateReserved": "2025-11-19T14:19:13.288Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-12-12T03:20:43.702Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Foxtool All-in-One: Contact chat button, Custom login, Media optimize images plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on the foxtool_login_google() function. This makes it possible for unauthenticated attackers to establish an OAuth Connection via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "id": "CVE-2025-13408", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-12-12T04:15:41.833", "references": [{"source": "security@wordfence.com", "url": "https://plugins.svn.wordpress.org/foxtool/tags/2.5.2/inc/goo.php"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3416529%40foxtool&new=3416529%40foxtool&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/foxtool/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/40886b66-f6a2-404c-9d0d-5fc3da6a896c?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T17:32:45.754078+00:00", "value": {"mitigation_remediation": ["Upgrade the Foxtool All\u2011in\u2011One plugin to the latest available release that contains the nonce validation fix", "If an updated version is not available, disable the OAuth connection feature in the plugin settings or remove the plugin entirely until a patch is released", "Train site administrators to verify the authenticity of links before clicking and to recognize CSRF attempts; consider adding a custom nonce check to the foxtool_login_google() function if coding skills allow"], "summary": {"action": "Patch Now", "impact": "Unauthenticated CSRF allowing site administrators to create unauthorized Google OAuth connections"}, "threat_synthesis": {"affected_systems": "The issue affects the Foxtool All\u2011in\u2011One: Contact chat button, Custom login, Media optimize images plugin released by foxtheme. All plugin versions up to and including 2.5.2 are vulnerable.", "description_and_impact": "The vulnerability is a Cross\u2011Site Request Forgery flaw caused by missing or incorrect nonce validation in the foxtool_login_google() function of the Foxtool All\u2011in\u2011One plugin. An attacker can target a site administrator with a crafted link and, if the admin clicks it, the site will establish an OAuth Connection to Google under the admin\u2019s account. The consequence is that the attacker gains the ability to use or abuse the administrator\u2019s authorized OAuth tokens, potentially exposing sensitive data or allowing further privileged actions. The weakness is classified as CWE\u2011352. The CVSS score of 4.3 indicates a low overall severity, and the EPSS score of less than 1% suggests that the exploit is infrequently seen in the wild.", "risk_and_exploitability": "The risk is primarily that an attacker can coerce a legitimate administrator into authorizing an unintended Google OAuth connection. Because the flaw requires an admin to click a malicious link, the attack vector is manual phishing or social engineering. The low CVSS score (4.3) and EPSS lower than 1% indicate limited exploitation probability, and the vulnerability is not listed in the CISA KEV catalog. However, once triggered, the impact can enable the attacker to gain privileged access via the OAuth channel, potentially compromising other services linked to the administrator\u2019s Google account."}}}}, "created": "2025-12-12T08:48:24.752157+00:00", "updated": "2026-04-21T17:45:16.478196+00:00", "vendors": ["foxtheme", "foxtheme$PRODUCT$foxtool_all-in-one", "wordpress", "wordpress$PRODUCT$wordpress"]}