A security vulnerability identified as Cross-Site Request Forgery (CSRF) in the Rishi On Page SEO + Whatsapp Chat Button plugin can lead to Stored XSS attacks. This issue affects all versions from n/a to 2.0.0. Documented as CVE-2025-25138, the vulnerability emphasizes the need for enhanced security measures in web applications to protect against these types of threats. The flaw is categorized under CWE-352, reflecting common weaknesses in the field of cybersecurity.
The Cross-Site Request Forgery (CSRF) vulnerability in Rishi On Page SEO + Whatsapp Chat Button permits Stored XSS, affecting versions from n/a to 2.0.0.
This vulnerability, logged under CVE-2025-25138 and identified by the CWE-352 classification, highlights security flaws prevalent in web applications.
Collection
[
|
...
]