What is the severity of CVE-2025-23989?

CVE-2025-23989 is categorized as a Cross-Site Request Forgery (CSRF) vulnerability with a medium severity level.

How do I fix CVE-2025-23989?

To fix CVE-2025-23989, update the SabLab Internal Link Builder plugin to the latest version beyond 1.0.

What software is affected by CVE-2025-23989?

CVE-2025-23989 affects the SabLab Internal Link Builder plugin versions from n/a through 1.0.

What type of vulnerability is CVE-2025-23989?

CVE-2025-23989 is a Cross-Site Request Forgery (CSRF) vulnerability.

Can CVE-2025-23989 lead to further exploitation?

Yes, if exploited, CVE-2025-23989 can potentially lead to unauthorized actions being performed on behalf of the authenticated user.

Vulnerability/
CVE-2025-23989

Exploited

high

7.1

CWE

352

EPSS

0.043%

31/1/2025

10/2/2025

CVE-2025-23989: WordPress Internal Link Builder plugin <= 1.0 - CSRF to Stored XSS vulnerability

First published: Fri Jan 31 2025(Updated: )

Cross-Site Request Forgery (CSRF) vulnerability in Alessandro Piconi - SabLab Internal Link Builder allows Cross Site Request Forgery. This issue affects Internal Link Builder: from n/a through 1.0.

Credit: audit@patchstack.com

Affected Software	Affected Version	How to fix
WordPress Internal Link Builder	<=1.0
WordPress Internal Link Builder	<=1.0

Never miss a vulnerability like this again

Reference Links

Peer vulnerabilities

(Found alongside the following vulnerabilities)

CVE-2025-21355

Frequently Asked Questions

What is the severity of CVE-2025-23989?
CVE-2025-23989 is categorized as a Cross-Site Request Forgery (CSRF) vulnerability with a medium severity level.
How do I fix CVE-2025-23989?
To fix CVE-2025-23989, update the SabLab Internal Link Builder plugin to the latest version beyond 1.0.
What software is affected by CVE-2025-23989?
CVE-2025-23989 affects the SabLab Internal Link Builder plugin versions from n/a through 1.0.
What type of vulnerability is CVE-2025-23989?
CVE-2025-23989 is a Cross-Site Request Forgery (CSRF) vulnerability.
Can CVE-2025-23989 lead to further exploitation?
Yes, if exploited, CVE-2025-23989 can potentially lead to unauthorized actions being performed on behalf of the authenticated user.

collector/nvd-api
source/NVD
agent/type
agent/description
agent/author
agent/weakness
collector/mitre-cve
source/MITRE
agent/title
agent/last-modified-date
agent/first-publish-date
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
collector/epss-latest
source/FIRST
agent/epss
collector/bleeping-computer
source/BleepingComputer
alias/CVE-2025-23989
alias/CVE-2025-21355
agent/news-ai
zeroday/true
exploited/true
agent/source
agent/tags
agent/references
agent/severity
agent/event
agent/trending
vendor/alessandro piconi
canonical/wordpress internal link builder
vendor/wordpress

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.