CVE-2025-7685: 
WordPress vulnerability analysis and mitigation

The Like & Share My Site plugin for WordPress has been identified with a Cross-Site Request Forgery vulnerability (CVE-2025-7685), discovered and reported on July 21, 2025. This vulnerability affects all versions up to and including version 0.2 of the plugin. The security flaw was identified by researcher johska and has been assigned a CVSS v3.1 base score of 6.1 (Medium severity) (Wordfence).

The vulnerability stems from missing or incorrect nonce validation on the 'lsms_admin' page. The CVSS vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N indicates that the vulnerability can be exploited over the network, requires low attack complexity, needs no privileges, but does require user interaction. The scope is changed, with low impacts on confidentiality and integrity, and no impact on availability (NVD).

If successfully exploited, this vulnerability allows unauthenticated attackers to update settings and inject malicious web scripts through forged requests. The attack requires social engineering to trick a site administrator into performing specific actions, such as clicking on a malicious link (NVD).

Website administrators running the Like & Share My Site plugin should immediately update to a version newer than 0.2 if available. If no patch is available, it is recommended to consider removing or disabling the plugin until a security fix is released (NVD).