
Urgent Security Alert: CSRF Vulnerability in Like-it WordPress Plugin (CVE-2025-12404)

Overview

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Like-it WordPress plugin, tracked as CVE-2025-12404. This vulnerability affects all versions of the plugin up to and including version 2.2. Successful exploitation of this vulnerability allows unauthenticated attackers to modify plugin settings and inject malicious web scripts if they can trick an administrator into performing an unintended action, such as clicking a specially crafted link.

Technical Details

The vulnerability stems from missing or inadequate nonce validation in the likeit_conf() function. This function handles the plugin’s configuration settings. The absence of proper nonce verification means that an attacker can forge a request to this function, effectively altering plugin settings without the administrator’s explicit consent. Specifically, the vulnerability exists because the requests made via the config.php template aren’t correctly validated using a nonce.

Vulnerable code locations: like-it.php (lines 130 and 131) and config.php (line 37), as listed in the source references below.
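To make the defect concrete, here is an illustrative settings handler with and without nonce validation. This is added example code written for this post; it is not the Like-it plugin's actual source, and the function names (likeit_conf_vulnerable, likeit_conf_fixed, likeit_settings_form_fixed), the option name likeit_text and the nonce action likeit_save_settings are assumptions chosen for the illustration. Only the WordPress API calls (check_admin_referer, wp_nonce_field, current_user_can, update_option, sanitize_text_field, esc_attr, submit_button) are real.

```php
<?php
// Illustrative reconstruction of the bug class, not the plugin's real code.
// "Before": a capability check alone does not prove the admin intended the
// request. A form auto-submitted from an attacker-controlled page carries the
// admin's cookies, so current_user_can() passes and the setting is overwritten.
function likeit_conf_vulnerable() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    if ( isset( $_POST['likeit_text'] ) ) {
        // Stored unsanitized as well, which is what turns CSRF into script injection.
        update_option( 'likeit_text', wp_unslash( $_POST['likeit_text'] ) );
    }
}

// "After": the same handler gated by a nonce bound to one action and one user.
// check_admin_referer() terminates the request with "The link you followed has
// expired." unless a valid nonce for 'likeit_save_settings' is present.
function likeit_conf_fixed() {
    if ( ! current_user_can( 'manage_options' ) ) {
        return;
    }
    if ( isset( $_POST['likeit_text'] ) ) {
        check_admin_referer( 'likeit_save_settings', 'likeit_nonce' );
        // Sanitize on save so a forged or malformed value cannot carry markup.
        $value = sanitize_text_field( wp_unslash( $_POST['likeit_text'] ) );
        update_option( 'likeit_text', $value );
    }
}

// The settings template must emit the matching nonce field inside its form;
// an attacker's page cannot obtain this value, so forged submissions fail.
function likeit_settings_form_fixed() {
    ?>
    <form method="post">
        <?php wp_nonce_field( 'likeit_save_settings', 'likeit_nonce' ); ?>
        <label for="likeit_text">Button text</label>
        <input type="text" id="likeit_text" name="likeit_text"
               value="<?php echo esc_attr( get_option( 'likeit_text', '' ) ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}
```

The nonce field and the check must name the same action string; a nonce check that verifies a generic action, or one that is only performed when the field happens to be present, does not close the hole. Escaping on output (esc_attr above) is a separate control from sanitizing on save and both belong in the fixed version.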

CVSS Analysis

The Common Vulnerability Scoring System (CVSS) score for CVE-2025-12404 is 6.1, which is classified as MEDIUM severity. This score reflects the potential impact of the vulnerability, taking into account factors such as the ease of exploitation and the potential for data modification or system compromise.

Possible Impact

Successful exploitation of this CSRF vulnerability could lead to several serious consequences:

  • Settings Modification: Attackers can alter plugin settings, potentially disabling security features or enabling malicious functionalities.
  • Malicious Script Injection: Injecting malicious JavaScript or other web scripts could allow attackers to redirect users to phishing sites, steal sensitive information (e.g., cookies, credentials), or deface the website.
  • Website Compromise: In severe cases, the injected scripts could be used to gain further access to the WordPress site, potentially leading to a complete website takeover.

Mitigation and Patch Steps

To protect your WordPress website from CVE-2025-12404, take the following steps:

  1. Update the Plugin: The most crucial step is to update the Like-it plugin to the latest available version as soon as a patch is released. Check the WordPress plugin repository for updates.
  2. Disable the Plugin (If No Update Available): If an update is not yet available, temporarily disable the Like-it plugin until a patched version is released.
  3. Security Awareness: Educate website administrators and users about the risks of clicking on suspicious links or visiting untrusted websites. Promote a culture of security awareness.
  4. Use a Security Plugin: Consider using a WordPress security plugin that offers CSRF protection and monitors for suspicious activity.
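The following must-use plugin automates step 2: it deactivates Like-it while the installed version is within the affected range (up to and including 2.2) and shows an admin notice explaining why. This is added example code, not the vendor's or the plugin's own; the plugin basename like-it/like-it.php is an assumption to confirm against your Plugins screen, and the guard assumes any release numbered above 2.2 is a fixed one, which should be verified against the vendor's changelog once a patch ships.

```php
<?php
/**
 * Plugin Name: Like-it CVE-2025-12404 guard (illustrative example, not vendor code)
 * Description: Deactivates the Like-it plugin while an affected version (<= 2.2) is installed.
 * Install as wp-content/mu-plugins/likeit-guard.php; remove after updating.
 */
add_action( 'admin_init', function () {
    // is_plugin_active(), get_plugin_data() and deactivate_plugins() live in
    // wp-admin/includes/plugin.php, which is not loaded on every admin request.
    if ( ! function_exists( 'get_plugin_data' ) ) {
        require_once ABSPATH . 'wp-admin/includes/plugin.php';
    }

    // Assumed basename; check the "plugin file" column of `wp plugin list`.
    $basename = 'like-it/like-it.php';
    $path     = WP_PLUGIN_DIR . '/' . $basename;

    if ( ! file_exists( $path ) || ! is_plugin_active( $basename ) ) {
        return; // Not installed or already off: nothing to do.
    }

    // Read the version from the plugin header without markup or translation.
    $data = get_plugin_data( $path, false, false );

    // Affected range per the advisory: all versions up to and including 2.2.
    if ( version_compare( $data['Version'], '2.2', '<=' ) ) {
        deactivate_plugins( $basename );
        add_action( 'admin_notices', function () use ( $data ) {
            printf(
                '<div class="notice notice-error"><p>%s</p></div>',
                esc_html( sprintf(
                    'Like-it %s was deactivated: affected by CVE-2025-12404 (CSRF). Update to a fixed release before re-enabling.',
                    $data['Version']
                ) )
            );
        } );
    }
} );
```

Because the check runs on admin_init and the plugin is no longer active after the first pass, the guard fires once per vulnerable install rather than on every request. Delete the mu-plugin once the updated version is confirmed, so a future re-activation is not silently undone.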

References

Wordfence Vulnerability Report
Like-it Plugin Source Code (like-it.php#L130)
Like-it Plugin Source Code (like-it.php#L131)
Like-it Plugin Source Code (config.php#L37)

Cybersecurity specialist and founder of Gowri Shankar Infosec - a professional blog dedicated to sharing actionable insights on cybersecurity, data protection, server administration, and compliance frameworks including SOC 2, PCI DSS, and GDPR.
