๐Ÿ” CVE Alert

CVE-2025-25107

CRITICAL 9.6

WordPress OneStore Sites plugin <= 0.1.1 - CSRF to Arbitrary Plugin Installation vulnerability

CVSS Score
9.6
EPSS Score
0.0%
EPSS Percentile
0th

Cross-Site Request Forgery (CSRF) vulnerability in sainwp OneStore Sites onestore-sites allows Cross Site Request Forgery.This issue affects OneStore Sites: from n/a through <= 0.1.1.

CWE CWE-352
Vendor sainwp
Product onestore sites
Published Feb 7, 2025
Last Updated Apr 28, 2026
Stay Ahead of the Next One

Get instant alerts for sainwp onestore sites

Be the first to know when new critical vulnerabilities affecting sainwp onestore sites are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Affected Versions

sainwp / OneStore Sites
0 โ‰ค 0.1.1

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
patchstack.com: https://patchstack.com/database/Wordpress/Plugin/onestore-sites/vulnerability/wordpress-onestore-sites-plugin-0-1-1-csrf-to-arbitrary-plugin-installation-vulnerability?_s_id=cve

Credits

Abdi Pranata | Patchstack Bug Bounty Program