CVE-2025-22690: 
WordPress vulnerability analysis and mitigation

Cross-Site Request Forgery (CSRF) vulnerability was discovered in DigiTimber cPanel Integration plugin affecting versions through 1.4.6. The vulnerability was discovered on January 24, 2025, and publicly disclosed on January 31, 2025. This security issue affects the WordPress plugin DigiTimber cPanel Integration and allows Stored XSS attacks (Patchstack).

The vulnerability is classified as a Cross-Site Request Forgery (CSRF) that can lead to Stored Cross-Site Scripting (XSS). It has been assigned CVE-2025-22690 and received a CVSS v3.1 score of 7.1 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The vulnerability requires no authentication to exploit and falls under the OWASP Top 10 category A1: Broken Access Control (NVD, Patchstack).

This vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication, potentially leading to stored cross-site scripting attacks. The impact affects confidentiality, integrity, and availability, each rated as Low according to the CVSS scoring (Patchstack).

The vulnerability has been fixed in version 1.4.8 of the DigiTimber cPanel Integration plugin. Users are advised to update to version 1.4.8 or later to remove the vulnerability. Patchstack users can enable auto-update for vulnerable plugins (Patchstack).