{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-7668", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-07-14T21:47:08.450Z", "datePublished": "2025-08-16T03:38:50.955Z", "dateUpdated": "2026-04-08T17:05:38.878Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:05:38.878Z"}, "affected": [{"vendor": "timothyja", "product": "Linux Promotional Plugin", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.4", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Linux Promotional Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the 'inux-promotional-plugin.php' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "title": "Linux Promotional Plugin <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8a3e3d91-5ce5-4db1-856e-c1d12471f9ed?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/linux-promotional-plugin/trunk/linux-promotional-plugin.php"}, {"url": "https://wordpress.org/plugins/linux-promotional-plugin/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-352 Cross-Site Request Forgery (CSRF)", "cweId": "CWE-352", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "baseScore": 6.1, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "JohSka"}], "timeline": [{"time": "2025-08-15T14:48:12.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-18T13:40:55.354329Z", "id": "CVE-2025-7668", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-18T13:41:00.740Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-7668", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-18T13:40:55.354329Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-18T13:40:57.670Z"}}], "cna": {"title": "Linux Promotional Plugin <= 1.4 - Cross-Site Request Forgery to Stored Cross-Site Scripting", "credits": [{"lang": "en", "type": "finder", "value": "JohSka"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.1, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "timothyja", "product": "Linux Promotional Plugin", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.4"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-08-15T14:48:12.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8a3e3d91-5ce5-4db1-856e-c1d12471f9ed?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/linux-promotional-plugin/trunk/linux-promotional-plugin.php"}, {"url": "https://wordpress.org/plugins/linux-promotional-plugin/"}], "descriptions": [{"lang": "en", "value": "The Linux Promotional Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the 'inux-promotional-plugin.php' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352 Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:05:38.878Z"}}}, "cveMetadata": {"cveId": "CVE-2025-7668", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:05:38.878Z", "dateReserved": "2025-07-14T21:47:08.450Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-08-16T03:38:50.955Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Linux Promotional Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the 'inux-promotional-plugin.php' page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}, {"lang": "es", "value": "El complemento Linux Promotional Plugin para WordPress es vulnerable a cross-site request forgery en todas las versiones hasta la 1.4 incluida. Esto se debe a la falta o a una validaci\u00f3n de nonce incorrecta en la p\u00e1gina 'inux-promotional-plugin.php'. Esto permite que atacantes no autenticados actualicen la configuraci\u00f3n e inyecten scripts web maliciosos mediante una solicitud falsificada, ya que pueden enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."}], "id": "CVE-2025-7668", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-08-16T04:16:06.500", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/linux-promotional-plugin/trunk/linux-promotional-plugin.php"}, {"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/linux-promotional-plugin/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8a3e3d91-5ce5-4db1-856e-c1d12471f9ed?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T19:19:58.688069+00:00", "value": {"mitigation_remediation": ["Update the Linux Promotional Plugin to the latest version that includes proper nonce validation.", "Scan the site for residual malicious scripts injected before the update and remove them.", "Optionally, restrict administrative access to trusted users and monitor admin activity logs so that any unexpected changes can be detected early."], "summary": {"action": "Patch Plugin", "impact": "Cross\u2011Site Request Forgery leading to Stored Cross\u2011Site Scripting"}, "threat_synthesis": {"affected_systems": "WordPress sites that use the timothyja:Linux Promotional Plugin plugin up to and including version 1.4 are impacted. All earlier releases of the plugin are also vulnerable.", "description_and_impact": "The Linux Promotional Plugin in WordPress is affected by a missing or improper nonce check on the plugin\u2019s main admin page, allowing attackers to forge a request that updates plugin settings. The forged request can include malicious scripts that are then stored in the plugin configuration. The outcome is a stored cross\u2011site scripting vulnerability that compromises the integrity and appearance of the site and can be used to steal visitor credentials or deface content.", "risk_and_exploitability": "The CVSS score of 6.1 indicates moderate severity. The EPSS score is below 1%, suggesting a low likelihood of widespread exploitation, and the vulnerability is not listed in the CISA KEV catalog. An attacker would need to entice a site administrator into clicking a crafted link or otherwise submitting a forged form to trigger the stored script. While the exploit requires a legitimate admin session, the compromised site can suffer defacement and potential credential theft through the injected script."}}}}, "created": "2026-04-21T19:30:06.082667+00:00", "updated": "2026-04-21T19:30:06.082678+00:00", "vendors": []}