PT-2025-49343 · WordPress · Wp Landing Page

Ivan Cese

Published

2025-12-06

Updated

2025-12-06

CVE-2025-13629

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions WP Landing Page plugin for WordPress versions up to and including 0.9.3

Description The WP Landing Page plugin for WordPress is susceptible to Cross-Site Request Forgery, allowing unauthenticated attackers to update arbitrary post meta via a forged request. This is possible due to missing nonce validation on the wplp api update text function. An attacker could trick a site administrator into performing an action, such as clicking a link, to execute the malicious request.

Recommendations Update the WP Landing Page plugin to a version later than 0.9.3.

Fix

CSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-352

Related Identifiers

CVE-2025-13629

Affected Products

Wp Landing Page

PT-2025-49343 · WordPress · Wp Landing Page

CVE-2025-13629

Weakness Enumeration

Related Identifiers

Affected Products

References · 7