CVE-2025-8592

CVSS v3.1

8.1

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Inspiro theme for WordPress versions prior to 2.1.3

Description: The Inspiro theme for WordPress is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation in the inspiro install plugin() function. This allows unauthenticated attackers to install plugins from the repository by deceiving a site administrator into performing an action, such as clicking a malicious link.

Recommendations: Update the Inspiro theme to version 2.1.3 or later.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2025-8592

Affected Products

Inspiro

CVE-2025-8592

Weakness Enumeration

Related Identifiers

Affected Products

References · 15