ByteOS Network

NVD Vulnerability Details :

CVE-2025-2247

Analyzed

Source-contact@wpscan.com

Published At-15 May, 2025 | 20:16

Updated At-04 Jun, 2025 | 20:04

The WP-PManager WordPress plugin through 1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.4	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Type: Secondary

Version: 3.1

Base score: 5.4

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CPE Matches

mantus667>>wp-pmanager>>Versions up to 1.2(inclusive)

cpe:2.3:a:mantus667:wp-pmanager:*:*:*:*:*:wordpress:*:*

Weaknesses

CWE ID	Type	Source
CWE-352	Primary	nvd@nist.gov

CWE ID: CWE-352

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://wpscan.com/vulnerability/3974c5c3-887e-46bd-aad7-4f3169bff6de/	contact@wpscan.com	Exploit Third Party Advisory

Hyperlink: https://wpscan.com/vulnerability/3974c5c3-887e-46bd-aad7-4f3169bff6de/

Source: contact@wpscan.com

Resource:

Exploit

Third Party Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History