PT-2025-10435 · WordPress · Contact Us By Lord Linus
Bob Matyas · Published 2025-03-09 · Updated 2026-02-10
CVE-2025-1382 · CVSS v3.1 6.1 (Medium) · Vector AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Contact Us By Lord Linus WordPress plugin versions 2.6 and earlier
Description
The Contact Us By Lord Linus WordPress plugin lacks CSRF checks in some of its handlers and does not sanitise or escape some of the data those handlers accept. An attacker can therefore use a CSRF attack to make a logged-in administrator store an XSS payload on their behalf.
Recommendations
For Contact Us By Lord Linus WordPress plugin versions 2.6 and earlier, update to a version that includes the necessary CSRF checks and sanitisation to prevent Stored XSS attacks. As a temporary workaround, consider restricting access to the plugin's functionality to minimize the risk of exploitation.
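To make the two defects concrete, the following is a hypothetical WordPress settings handler written for this advisory. It is not code from the Contact Us By Lord Linus plugin; the option name, field names and nonce action are assumed. The weak version shows the pattern the advisory describes (no nonce check, raw storage, unescaped output) and the hardened version shows the checks the fix needs.

```php
<?php
// Added example for this advisory, not the plugin's own code.
// Option and field names below are assumptions for the illustration.
const EXAMPLE_OPTION = 'example_contact_form_title';

// Weak handler: no capability check, no nonce check, no sanitisation.
// A logged-in admin lured to a third-party page can have this value
// written on their behalf (CSRF), and it is later printed raw (stored XSS).
function example_save_settings_weak() {
    if ( isset( $_POST['form_title'] ) ) {
        update_option( EXAMPLE_OPTION, $_POST['form_title'] );
    }
}

// Hardened handler: capability check, nonce check against CSRF,
// sanitisation on input; escaping is applied at output time below.
function example_save_settings_hardened() {
    if ( ! isset( $_POST['form_title'] ) ) {
        return;
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    // Dies unless the request carries a valid nonce bound to this action
    // and the current user's session, which a cross-site form cannot forge.
    check_admin_referer( 'example_save_settings', 'example_nonce' );
    // Strip tags and control characters before storing.
    $title = sanitize_text_field( wp_unslash( $_POST['form_title'] ) );
    update_option( EXAMPLE_OPTION, $title );
}

// Settings form: emits the nonce the hardened handler verifies and
// escapes the stored value for the attribute context it is placed in.
function example_render_settings_form() {
    $title = get_option( EXAMPLE_OPTION, '' );
    echo '<form method="post">';
    wp_nonce_field( 'example_save_settings', 'example_nonce' );
    echo '<input type="text" name="form_title" value="' . esc_attr( $title ) . '">';
    submit_button( 'Save' );
    echo '</form>';
}

// Front-end output: escape for the HTML body context at the point of use.
function example_render_title() {
    echo '<h2>' . esc_html( get_option( EXAMPLE_OPTION, '' ) ) . '</h2>';
}
```

Sanitisation on input and escaping on output are separate controls; the nonce check alone would stop the CSRF route but not a stored XSS reached by another path, so a fix needs all three.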