CVE-2025-12401

Name of the Vulnerable Software and Affected Versions Label Plugins versions prior to 0.5

Description The Label Plugins plugin for WordPress is susceptible to Cross-Site Request Forgery. This is caused by a lack of, or incorrect, nonce validation within the label plugins options() function. An unauthenticated attacker could potentially update settings and inject malicious web scripts by exploiting a forged request, provided they can deceive a site administrator into performing an action.

Recommendations Update to a version of Label Plugins greater than 0.5.