CVE-2025-25107
WordPress OneStore Sites plugin <= 0.1.1 - CSRF to Arbitrary Plugin Installation vulnerability
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
Cross-Site Request Forgery (CSRF) vulnerability in sainwp OneStore Sites onestore-sites allows Cross Site Request Forgery.This issue affects OneStore Sites: from n/a through <= 0.1.1.
| CWE | CWE-352 |
| Vendor | sainwp |
| Product | onestore sites |
| Published | Feb 7, 2025 |
| Last Updated | Apr 1, 2026 |
Stay Ahead of the Next One
Get instant alerts for sainwp onestore sites
Be the first to know when new unknown vulnerabilities affecting sainwp onestore sites are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
sainwp / OneStore Sites
0 โค 0.1.1
References
Credits
Abdi Pranata | Patchstack Bug Bounty Program