CVE-2025-23617
📋 TL;DR
This CSRF vulnerability in the Floatbox Plus WordPress plugin allows attackers to trick authenticated administrators into executing malicious actions, leading to stored cross-site scripting (XSS). Attackers can inject malicious scripts that execute in users' browsers when they visit affected pages. This affects all WordPress sites using Floatbox Plus version 1.4.4 or earlier.
💻 Affected Systems
- Floatbox Plus WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could inject persistent malicious scripts that steal session cookies, redirect users to phishing sites, or perform actions as authenticated users, potentially compromising the entire WordPress site.
Likely Case
Attackers create fake admin interfaces or links that trick administrators into saving malicious JavaScript, leading to client-side attacks against site visitors.
If Mitigated
With proper CSRF tokens and input validation, the attack chain is broken and no malicious scripts can be stored.
🎯 Exploit Status
Exploitation requires tricking an authenticated admin user into clicking a malicious link while logged in. The CSRF leads to stored XSS payload injection.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.4.5 or later
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find Floatbox Plus and click 'Update Now'.
4. Verify the update to version 1.4.5 or later.
🔧 Temporary Workarounds
Disable Floatbox Plus Plugin
WordPress: Temporarily disable the vulnerable plugin until patching is possible
wp plugin deactivate floatbox-plus
Implement CSRF Protection
WordPress: Add custom CSRF tokens to all admin forms if plugin modification is possible
🧯 If You Can't Patch
- Disable the Floatbox Plus plugin entirely
- Implement web application firewall rules to block suspicious admin requests
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for the Floatbox Plus version. If the version is 1.4.4 or earlier, you are vulnerable.
Check Version:
wp plugin get floatbox-plus --field=version
Verify Fix Applied:
After updating, verify Floatbox Plus shows version 1.4.5 or later in WordPress plugins list.
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to wp-admin/admin-ajax.php with Floatbox Plus parameters
- Multiple failed admin actions from same IP
- Admin users reporting unexpected plugin configuration changes
Network Indicators:
- Cross-origin requests to admin endpoints without proper referrer headers
- Suspicious iframe or form submissions targeting Floatbox Plus admin functions
SIEM Query:
source="wordpress.log" AND ("floatbox-plus" OR "admin-ajax.php") AND (POST AND NOT "_wpnonce")
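The SIEM query above expressed as runnable detection logic, added here as an example and not taken from the advisory or the plugin. It runs over a constructed log (not a real log format) that records the names of submitted POST parameters, which plain web-server access logs do not; it also checks the Referer origin from the Network Indicators, and accepts `_ajax_nonce` as well as `_wpnonce` since both are standard WordPress nonce field names.

```python
import re
from urllib.parse import urlsplit

# Constructed sample log (not a real log format): one request per line with the
# names of the submitted POST parameters, as a WAF or application log might
# record them. Plain web-server access logs do not record POST bodies.
SAMPLE_LOG = """\
203.0.113.5 POST /wp-admin/admin-ajax.php params=action,_wpnonce,settings referer=https://blog.example/wp-admin/admin.php?page=floatbox-plus
198.51.100.9 POST /wp-admin/admin-ajax.php params=action,settings referer=https://evil.example/lure.html
198.51.100.9 POST /wp-admin/options.php params=option_page,_wpnonce referer=https://blog.example/wp-admin/options-general.php
192.0.2.7 POST /wp-admin/admin.php?page=floatbox-plus params=settings referer=
192.0.2.7 GET /wp-content/plugins/floatbox-plus/style.css params= referer=https://blog.example/
"""

LINE_RE = re.compile(r"^(?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) "
                     r"params=(?P<params>\S*) referer=(?P<referer>\S*)$")

# _wpnonce is what check_admin_referer() expects; _ajax_nonce is the default
# field for check_ajax_referer(). A plugin may use its own field name instead.
NONCE_FIELDS = {"_wpnonce", "_ajax_nonce"}

def analyze(log_text, site_host):
    """Return (ip, path, reasons) for each POST to a Floatbox Plus page or to
    admin-ajax.php that lacks a nonce field or arrives from another origin."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # only state-changing requests matter for CSRF
        path = m["path"]
        if "floatbox-plus" not in path and not path.startswith("/wp-admin/admin-ajax.php"):
            continue
        params = {p for p in m["params"].split(",") if p}
        reasons = []
        if not params & NONCE_FIELDS:
            reasons.append("missing nonce")
        referer_host = urlsplit(m["referer"]).hostname if m["referer"] else None
        if referer_host is None:
            reasons.append("no referer")  # browsers may strip it: weak on its own
        elif referer_host != site_host:
            reasons.append(f"cross-origin referer {referer_host}")
        if reasons:
            findings.append((m["ip"], path, reasons))
    return findings

if __name__ == "__main__":
    for ip, path, reasons in analyze(SAMPLE_LOG, "blog.example"):
        print(f"{ip} {path}: {', '.join(reasons)}")
```

A missing nonce on a legitimate submission is itself a finding worth triaging, since the plugin's own forms should always carry one once the fix is applied.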