CVE-2025-22688

Name of the Vulnerable Software and Affected Versions Ederson Peka Unlimited Page Sidebars versions n/a through 0.2.6

Description The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application, potentially leading to the execution of malicious scripts. The vulnerability affects the Unlimited Page Sidebars plugin.

Recommendations For versions n/a through 0.2.6, update to a version later than 0.2.6 to resolve the issue. As a temporary workaround, consider disabling the Unlimited Page Sidebars plugin until a patch is available. Restrict access to the plugin's functionality to minimize the risk of exploitation. Avoid using the plugin's features that may be vulnerable to CSRF attacks until the issue is resolved.