CVE-2025-13365
CSRF and Stored XSS in WP Hallo Welt Plugin
Publication date: 2025-12-20
Last updated on: 2025-12-20
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| franz_wieser | wp_hallo_welt | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The WP Hallo Welt plugin for WordPress has a Cross-Site Request Forgery (CSRF) vulnerability in all versions up to and including 1.4. This occurs because the 'hallo_welt_seite' function lacks proper nonce validation, allowing attackers to trick an administrator into performing actions like updating plugin settings via forged requests. Additionally, insufficient input sanitization and output escaping can lead to Stored Cross-Site Scripting (XSS), enabling attackers to inject malicious scripts.
How can this vulnerability impact me? :
This vulnerability can allow unauthenticated attackers to change plugin settings by tricking an administrator into clicking a malicious link, potentially injecting malicious scripts into the site. This can lead to stored XSS attacks, which may compromise site integrity, steal user data, or perform actions on behalf of the administrator without their consent.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves checking if the WP Hallo Welt plugin version is up to and including 1.4 and verifying if the 'hallo_welt_seite' function lacks proper nonce validation. Since the vulnerability allows unauthenticated attackers to update plugin settings via forged requests, monitoring HTTP POST requests to the admin page related to the plugin for suspicious or unexpected changes could help. Specific commands are not provided in the resources, but generally, you can use web server logs to look for POST requests to the plugin's admin page or use tools like curl to test nonce validation by sending crafted requests. For example, using curl to send POST requests without valid nonces and observing if settings are updated could indicate vulnerability. [2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the WP Hallo Welt plugin to a version that fixes the nonce validation issue (versions above 1.4 if available). If no update is available, restrict access to the plugin's admin page to trusted administrators only, and avoid clicking on suspicious links that could trigger forged requests. Additionally, implementing Web Application Firewall (WAF) rules to block CSRF attempts and monitoring for unusual admin activity can help reduce risk. [2]