Description
Cross-Site Request Forgery (CSRF) vulnerability in ptibogxiv Doliconnect doliconnect allows Stored XSS. This issue affects Doliconnect: from n/a through <= 9.5.7.
Published: 2025-09-22
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a Cross‑Site Request Forgery flaw in the WordPress Doliconnect plugin that allows an attacker to submit requests that are executed with the privileges of an authenticated site user. The flaw can also lead to stored cross‑site scripting if malicious data is saved, enabling the attacker to perform actions on the site without authorization and potentially modify content or steal data.

Affected Systems

WordPress installations running the Doliconnect plugin version 9.5.7 or earlier. The affected vendor is ptibogxiv.

Risk and Exploitability

The CVSS score of 7.1 indicates high severity, yet the EPSS score below 1% suggests a low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. The likely attack path requires a user who is logged into the WordPress site to click a crafted link or load an image that triggers the unauthorized request.

Generated by OpenCVE AI on April 30, 2026 at 01:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Doliconnect plugin to a version newer than 9.5.7.
  • Disable the plugin temporarily if an upgrade is not immediately available.
  • Conduct a review of user sessions and ensure that no malicious scripts are embedded in stored content.

Advisories
Source: EUVD
ID: EUVD-2025-30507
Title: Cross-Site Request Forgery (CSRF) vulnerability in ptibogxiv Doliconnect allows Stored XSS. This issue affects Doliconnect: from n/a through 9.5.7.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
Values Removed: Cross-Site Request Forgery (CSRF) vulnerability in ptibogxiv Doliconnect allows Stored XSS. This issue affects Doliconnect: from n/a through 9.5.7.
Values Added: Cross-Site Request Forgery (CSRF) vulnerability in ptibogxiv Doliconnect doliconnect allows Stored XSS.This issue affects Doliconnect: from n/a through <= 9.5.7.
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Tue, 23 Sep 2025 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Wordpress
Wordpress wordpress
Vendors & Products Wordpress
Wordpress wordpress

Tue, 23 Sep 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 22 Sep 2025 18:30:00 +0000

Type Values Removed Values Added
Description Cross-Site Request Forgery (CSRF) vulnerability in ptibogxiv Doliconnect allows Stored XSS. This issue affects Doliconnect: from n/a through 9.5.7.
Title WordPress Doliconnect Plugin <= 9.5.7 - Cross Site Request Forgery (CSRF) Vulnerability
Weaknesses CWE-352
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-05-12T00:59:55.980Z

Reserved: 2025-09-03T09:03:53.070Z

Link: CVE-2025-58690

Vulnrichment

Updated: 2025-09-23T13:59:33.304Z

NVD

Status: Deferred

Published: 2025-09-22T19:16:20.970

Modified: 2026-04-23T15:33:36.177

Link: CVE-2025-58690

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T02:00:13Z

Weaknesses
  • CWE-352: Cross-Site Request Forgery (CSRF)