CVE-2025-60075
BaseFortify
Publication date: 2025-10-29
Last updated on: 2025-11-13
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| allegro | hpb_seo_plugin | 3.0.1 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) issue in the Allegro Marketing hpb seo plugin for WordPress, which also allows Reflected Cross-Site Scripting (XSS). It affects versions up to and including 3.0.1 of the plugin. CSRF can trick a user into performing unwanted actions on a web application in which they are authenticated, while Reflected XSS can allow attackers to inject malicious scripts that execute in the context of the victim's browser.
How can this vulnerability impact me? :
This vulnerability can allow attackers to perform unauthorized actions on behalf of authenticated users (due to CSRF) and execute malicious scripts in users' browsers (due to Reflected XSS). This can lead to account compromise, data theft, or unauthorized changes to the website or user data.