CVE-2025-3866

Name of the Vulnerable Software and Affected Versions Add Google +1 (Plus one) social share Button plugin for WordPress version 1.0.0 and earlier

Description The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the google-plus-one-share-button page. This allows unauthenticated attackers to update settings and inject malicious web scripts via a forged request, provided they can trick a site administrator into performing a specific action, such as clicking on a link.

Recommendations For Add Google +1 (Plus one) social share Button plugin for WordPress version 1.0.0 and earlier, consider disabling the plugin until a patch is available to prevent exploitation. Restrict access to the google-plus-one-share-button page to minimize the risk of settings updates and malicious script injections.