CVE-2025-25149
📋 TL;DR
A Cross-Site Request Forgery (CSRF) vulnerability in the Danillo Nunes Login-box WordPress plugin allows attackers to inject malicious scripts that become stored XSS. When exploited, this enables attackers to perform actions as authenticated users and potentially compromise user sessions. This affects all WordPress sites using Login-box plugin versions up to 2.0.4.
💻 Affected Systems
- Danillo Nunes Login-box WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers can inject persistent malicious scripts that execute in users' browsers, leading to session hijacking, credential theft, administrative account takeover, and complete site compromise.
Likely Case
Attackers inject malicious JavaScript that steals session cookies or redirects users to phishing sites, potentially compromising user accounts and site integrity.
If Mitigated
With proper CSRF protections and content security policies, the attack surface is reduced, though the vulnerability still exists in the codebase.
🎯 Exploit Status
Exploitation requires tricking authenticated users into visiting malicious pages, but the stored XSS component makes attacks persistent.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 2.0.4
Vendor Advisory: https://patchstack.com/database/wordpress/plugin/login-box/vulnerability/wordpress-login-box-plugin-2-0-4-csrf-to-stored-xss-vulnerability?_s_id=cve
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'Login-box' plugin. 4. Click 'Update Now' if update available. 5. If no update available, deactivate and remove plugin immediately.
🔧 Temporary Workarounds
Implement CSRF Tokens
allAdd CSRF protection to all form submissions and state-changing operations
Content Security Policy
allImplement strict CSP headers to mitigate XSS impact
🧯 If You Can't Patch
- Immediately deactivate and remove the Login-box plugin from all WordPress installations
- Implement web application firewall rules to block CSRF attempts and XSS payloads
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for Login-box version. If version is 2.0.4 or earlier, you are vulnerable.Check Version:
wp plugin list --name=login-box --field=versionVerify Fix Applied:
After update, verify Login-box plugin version is higher than 2.0.4 in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to login-box endpoints
- JavaScript injection patterns in form submissions
- Multiple failed CSRF token validations
Network Indicators:
- Suspicious cross-origin requests to WordPress admin endpoints
- Patterns of requests without proper referrer headers
SIEM Query:
source="wordpress.log" AND ("login-box" OR "csrf" OR "xss") AND status=200