CVE-2025-30587: WordPress LH OGP Meta plugin <= 1.73 - CSRF to Stored XSS Vulnerability
First published: Mon Mar 24 2025(Updated: )
Cross-Site Request Forgery (CSRF) vulnerability in shawfactor LH OGP Meta allows Stored XSS. This issue affects LH OGP Meta: from n/a through 1.73.
Credit: audit@patchstack.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Shawfactor LH OGP Meta | >n/a<=1.73 | |
| WordPress LH OGP Meta | <=1.73 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2025-30587?
CVE-2025-30587 is classified as a medium severity Cross-Site Request Forgery (CSRF) vulnerability that can lead to Stored XSS.
How do I fix CVE-2025-30587?
To mitigate CVE-2025-30587, update the LH OGP Meta plugin to the latest version beyond 1.73.
What software is affected by CVE-2025-30587?
CVE-2025-30587 affects the LH OGP Meta plugin versions n/a through 1.73 in both Shawfactor and WordPress.
Can CVE-2025-30587 lead to data breaches?
Yes, CVE-2025-30587 can lead to potential data breaches due to its ability to exploit CSRF for executing Stored XSS.
Who is responsible for the CVE-2025-30587 vulnerability?
The CVE-2025-30587 vulnerability has been identified in the LH OGP Meta plugin developed by Shawfactor.
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/title
- agent/weakness
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/severity
- agent/event
- agent/softwarecombine
- agent/source
- agent/tags
- collector/epss-latest
- source/FIRST
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/epss
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/shawfactor
- canonical/shawfactor lh ogp meta
- vendor/wordpress
- canonical/wordpress lh ogp meta