CVE-2025-57918
📋 TL;DR
A Cross-Site Request Forgery (CSRF) vulnerability in the ERA404 LinkedInclude WordPress plugin allows attackers to inject malicious scripts that execute when users visit compromised pages. This affects all WordPress sites using LinkedInclude versions up to 3.0.4. The CSRF flaw enables stored cross-site scripting (XSS) attacks.
💻 Affected Systems
- ERA404 LinkedInclude WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could inject persistent malicious scripts that steal administrator credentials, deface websites, redirect visitors to malicious sites, or install backdoors when administrators view compromised plugin settings pages.
Likely Case
Attackers trick administrators into clicking malicious links that modify plugin settings to inject malicious JavaScript, leading to session hijacking, data theft, or unauthorized actions on affected WordPress sites.
If Mitigated
With proper CSRF protections and content security policies, the attack would fail or have limited impact, though the vulnerability would still exist in the codebase.
🎯 Exploit Status
Exploitation requires social engineering to trick authenticated users into clicking malicious links. CSRF to XSS chain is well-documented and easily weaponized.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.0.5 or later
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find 'LinkedInclude' and check if update is available. 4. Click 'Update Now' if update available. 5. Alternatively, download latest version from WordPress repository and replace plugin files.
🔧 Temporary Workarounds
Disable LinkedInclude Plugin
allTemporarily disable the vulnerable plugin until patching is possible
wp plugin deactivate linkedinclude
Implement CSRF Protection Headers
allAdd security headers to WordPress to help mitigate CSRF attacks
Add to .htaccess: Header set X-Frame-Options "DENY"
Add to .htaccess: Header set Content-Security-Policy "default-src 'self'"
Add to wp-config.php: define('FORCE_SSL_ADMIN', true);
🧯 If You Can't Patch
- Remove LinkedInclude plugin completely if not essential
- Restrict admin panel access to trusted IP addresses only
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for LinkedInclude version. If version is 3.0.4 or earlier, system is vulnerable.Check Version:
wp plugin get linkedinclude --field=versionVerify Fix Applied:
After update, verify LinkedInclude version shows 3.0.5 or later in WordPress plugins list.📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to /wp-admin/admin.php?page=linkedinclude
- Multiple failed CSRF token validations for LinkedInclude endpoints
- Unexpected modifications to LinkedInclude settings
Network Indicators:
- HTTP requests with suspicious parameters to LinkedInclude admin endpoints
- Outbound connections to unknown domains from WordPress admin sessions
SIEM Query:
source="wordpress.log" AND (uri_path="/wp-admin/admin.php" AND query_string="*page=linkedinclude*") AND (http_method="POST" OR status_code>=400)