CVE-2025-26759

Name of the Vulnerable Software and Affected Versions: alexvtn Content Snippet Manager versions 1.1.5 and earlier

Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application, potentially leading to the execution of malicious scripts.

Recommendations: For versions 1.1.5 and earlier, update to a version that fixes this issue, if available. As a temporary workaround, consider implementing additional security measures to prevent CSRF attacks, such as token-based validation for requests. Restrict access to sensitive areas of the Content Snippet Manager to minimize the risk of exploitation. Avoid using the plugin until the issue is resolved, if possible.