CVE-2025-28857: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the Rankchecker.io Integration WordPress plugin that allows for Stored Cross-Site Scripting (XSS). The vulnerability affects all versions of Rankchecker.io Integration up to and including version 1.0.9. The issue was initially reported on February 28, 2025, by researcher Nguyen Thi Huyen Trang (Skalucy) and was officially published on March 11, 2025 (Patchstack).

The vulnerability has been assigned CVE-2025-28857 and is classified under CWE-352 (Cross-Site Request Forgery). It received a CVSS v3.1 base score of 6.1 (MEDIUM) from NIST with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, while Patchstack assessed it with a higher CVSS score of 7.1 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L (NVD).

The vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The attack requires no authentication to exploit, though it does require user interaction. The potential impact includes low-level compromise of confidentiality and integrity of the affected system (Patchstack).

As of the vulnerability disclosure, no official fix has been made available for the affected versions of the Rankchecker.io Integration plugin. The security issue has been assessed as having a low severity impact and is considered unlikely to be exploited (Patchstack).