CVE-2025-25074: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the WP Social Stream WordPress plugin, tracked as CVE-2025-25074. The vulnerability affects versions up to 1.1 of the plugin and was discovered by researcher SOPROBRO. The vulnerability was reported on October 22, 2024, and publicly disclosed on February 3, 2025 (Patchstack).

The vulnerability has been assigned a CVSS v3.1 score of 7.1 (High), with the following vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The vulnerability combines Cross-Site Request Forgery (CSRF) with Stored Cross-Site Scripting (XSS) capabilities, allowing unauthenticated attackers to execute unwanted actions under the context of privileged users (Patchstack).

The vulnerability allows malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The impact is classified as having low severity but combines both CSRF and Stored XSS capabilities, potentially affecting the confidentiality, integrity, and availability of the affected systems (Patchstack).

Currently, no official fix is available for this vulnerability. The security issue has been assessed as having a low severity impact and is considered unlikely to be exploited (Patchstack).