Description
Cross-Site Request Forgery (CSRF) vulnerability in itamarg SEOReseller Partner sr-partner allows Cross Site Request Forgery. This issue affects SEOReseller Partner: from n/a through <= 1.3.15.
Published: 2025-01-16
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The SEOReseller Partner sr‑partner plugin contains a CSRF vulnerability that allows an attacker to inject arbitrary scripts which are then stored by the site and executed in the browsers of all users who view the affected content. This stored cross‑site scripting leads to potential data theft, defacement, or session hijacking for visitors of the compromised WordPress site.

Affected Systems

The vulnerability affects the WordPress SEOReseller Partner plugin (sr-partner) in all available releases through version 1.3.15. Anyone running a version in this range on a WordPress installation should treat the site as affected and apply a fix.

Risk and Exploitability

The vulnerability carries a CVSS score of 7.1 and an extremely low EPSS score (<1%). It is not listed in the CISA KEV catalog. Exploitation would require a forged (CSRF) request to the plugin's data-saving endpoint that is sent from the browser of an authenticated user, typically one with administrative credentials. Once triggered, the stored malicious script can execute whenever the affected page content is rendered, affecting the confidentiality, integrity, and availability of the site.

Generated by OpenCVE AI on May 1, 2026 at 20:44 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the SEOReseller Partner plugin to a version newer than 1.3.15
  • If an immediate upgrade is not possible, disable or remove the plugin to eliminate the exploitation surface
  • Restrict administrative access to the plugin’s configuration pages so that only trusted users can perform actions that could trigger XSS
  • Consider adding a web‑application firewall rule that blocks suspicious POST requests to the plugin’s endpoints

Advisories
Source: EUVD
ID: EUVD-2025-3437
Title: Cross-Site Request Forgery (CSRF) vulnerability in SEOReseller Team SEOReseller Partner allows Cross Site Request Forgery. This issue affects SEOReseller Partner: from n/a through 1.3.15.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
  Values Removed: Cross-Site Request Forgery (CSRF) vulnerability in SEOReseller Team SEOReseller Partner allows Cross Site Request Forgery. This issue affects SEOReseller Partner: from n/a through 1.3.15.
  Values Added: Cross-Site Request Forgery (CSRF) vulnerability in itamarg SEOReseller Partner sr-partner allows Cross Site Request Forgery. This issue affects SEOReseller Partner: from n/a through <= 1.3.15.
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Fri, 17 Jan 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 16 Jan 2025 20:30:00 +0000

Type Values Removed Values Added
Description Cross-Site Request Forgery (CSRF) vulnerability in SEOReseller Team SEOReseller Partner allows Cross Site Request Forgery. This issue affects SEOReseller Partner: from n/a through 1.3.15.
Title WordPress SEOReseller Partner plugin <= 1.3.15 - CSRF to Stored XSS vulnerability
Weaknesses CWE-352
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Subscriptions

Wordpress Wordpress
MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:11:20.799Z

Reserved: 2025-01-16T11:30:28.608Z

Link: CVE-2025-23805

Vulnrichment

Updated: 2025-01-17T17:18:17.625Z

NVD

Status: Deferred

Published: 2025-01-16T21:15:21.643

Modified: 2026-06-17T08:57:20.853

Link: CVE-2025-23805

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T20:45:25Z

Weaknesses
  • CWE-352

    Cross-Site Request Forgery (CSRF)