A critical security vulnerability (CVE-2025-8592) has been discovered in the Inspiro WordPress theme, affecting over 70,000 sites and allowing attackers to exploit CSRF flaws to install plugins without consent. Users are urged to update to version 2.1.3 immediately to patch the vulnerability. #CVE20258592 #WordPressInspiro
Key points
- The vulnerability impacts all versions of Inspiro up to and including 2.1.2.
- It enables unauthenticated attackers to install plugins via CSRF, using a forged request that runs in a logged-in administrator's session.
- The root cause is ineffective nonce validation in the inspiro_install_plugin() function.
- It has a high CVSS score of 8.1, indicating a significant security risk.
- The issue has been fixed in Inspiro version 2.1.3, released after the disclosure.
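A version check for the affected range given above, as an added example that is not from the original article or from the Inspiro project: it reads each theme's style.css header under a wp-content/themes directory and flags Inspiro at 2.1.2 or earlier. The header name "Inspiro", the parent slug "inspiro" used by child themes, and all function names are assumptions.

```python
import re
import sys
from pathlib import Path

FIXED = (2, 1, 3)  # first patched release, per the advisory text above


def theme_header(css_text):
    """Return the 'Key: value' fields from a style.css header comment."""
    fields = {}
    for line in css_text[:8192].splitlines():  # header sits at the top of the file
        m = re.match(r"^[ \t/*#@]*([A-Za-z ]+?)\s*:\s*(.+?)\s*(?:\*/)?\s*$", line)
        if m:
            fields.setdefault(m.group(1).strip().lower(), m.group(2))
    return fields


def parse_version(text):
    """'2.1.2' -> (2, 1, 2); compared as integers so 2.1.10 sorts after 2.1.3."""
    parts = [int(n) for n in re.findall(r"\d+", text.split("-")[0])[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def assess(css_text):
    """Classify one theme from its style.css text."""
    h = theme_header(css_text)
    if h.get("theme name", "").lower() != "inspiro":  # assumed header name
        # A child theme runs the parent's code, so its own version says nothing.
        if h.get("template", "").lower() == "inspiro":  # assumed parent slug
            return "child-of-inspiro"
        return "not-inspiro"
    if "version" not in h:
        return "unknown-version"
    return "vulnerable" if parse_version(h["version"]) < FIXED else "patched"


def scan(themes_dir):
    """Map each directory under wp-content/themes to its status."""
    return {
        css.parent.name: assess(css.read_text(encoding="utf-8", errors="replace"))
        for css in sorted(Path(themes_dir).glob("*/style.css"))
    }


if __name__ == "__main__" and len(sys.argv) > 1:
    for theme, status in scan(sys.argv[1]).items():
        print(f"{theme}: {status}")
```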
Read More: https://thecyberexpress.com/csrf-flaw-cve-2025-8592/