CVE-2025-1436: Limit Bio <= 1.0 - Stored XSS via CSRF
First published: Thu Mar 13 2025(Updated: )
The Limit Bio WordPress plugin through 1.0 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
Credit: contact@wpscan.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Limit Bio | <1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2025-1436?
CVE-2025-1436 is classified as a critical vulnerability due to the potential for stored XSS attacks.
How do I fix CVE-2025-1436?
To fix CVE-2025-1436, update the Limit Bio WordPress plugin to a version higher than 1.0 that addresses the CSRF check and input sanitization issues.
What types of attacks can CVE-2025-1436 facilitate?
CVE-2025-1436 can facilitate Cross-Site Scripting (XSS) attacks through CSRF exploitation.
Who is affected by CVE-2025-1436?
Users with the Limit Bio WordPress plugin version 1.0 or earlier installed are affected by CVE-2025-1436.
What should I do if I cannot update the Limit Bio WordPress plugin due to CVE-2025-1436?
If unable to update, immediately disable the Limit Bio WordPress plugin to mitigate risks related to CVE-2025-1436.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/title
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/source
- agent/author
- agent/tags
- collector/nvd-api
- source/NVD
- agent/severity
- agent/last-modified-date
- agent/event
- vendor/limit bio
- canonical/limit bio