CVE-2023-25985

MEDIUM

WordPress Tooltips < 8.2.5 - Cross-Site Request Forgery

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-25985. PoCs published by yaudahbanh.

AI-analyzed exploit summary: The repository contains detailed writeups for multiple WordPress plugin vulnerabilities, including XSS and CSRF issues. Each README provides descriptions, mitigation steps, timelines, and references but lacks functional exploit code.

Description

Cross-Site Request Forgery (CSRF) vulnerability in Tomas | Docs | FAQ | Premium Support WordPress Tooltips. This issue affects WordPress Tooltips: from n/a through 8.2.5.

Exploits (1)

github WRITEUP
by yaudahbanh · poc
https://github.com/yaudahbanh/CVE-Archive/tree/main/CVE-2023-25985

Classification
Writeup 90%
Attack Type
XSS | CSRF
Complexity
Moderate
Reliability
Theoretical
Target: WordPress plugins (e.g., EZP Coming Soon Page, WP Booking System, eCommerce Product Catalog)
No auth needed
Prerequisites: Access to vulnerable WordPress plugin versions
devstral-2 · analyzed Feb 27, 2026

Scores

CVSS v3 4.3
EPSS 0.0034
EPSS Percentile 25.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Details

CWE
CWE-352
Status published
Products (2)
Tomas | Docs | FAQ | Premium Support/WordPress Tooltips < 8.2.5
tooltips/wordpress_tooltips < 8.2.5
Published Nov 18, 2023
Tracked Since Feb 18, 2026