CVE-2025-32502 HIGH

CVE-2025-32502: WordPress ePaper Lister for Yumpu plugin <= 1.4.0 - CSRF to Stored XSS vulnerability

Vendor Lemmentwickler
Product ePaper Lister for Yumpu
Weakness CWE-352 · CSRF
Published April 9, 2025
Last update May 12, 2026
View on NVD All CVEs

CVSS base score

7.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

Cross-Site Request Forgery (CSRF) vulnerability in lemmentwickler ePaper Lister for Yumpu magazine-lister-for-yumpu allows Stored XSS.This issue affects ePaper Lister for Yumpu: from n/a through <= 1.4.0.

Key dates

02Disclosure timeline

April 9, 2025 CVE published
May 12, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-25071 WordPress Vignette Ads plugin <= 0.2 - CSRF to Stored XSS vulnerability CVE-2022-2224 Gallery for Social Photo <= 1.0.0.27 - Cross-Site Request Forgery to Post Duplication CVE-2023-34030 WordPress Complianz and Complianz Premium plugins - Cross Site Request Forgery (CSRF) CVE-2025-47468 WordPress Hash Form plugin <= 1.2.8 - Cross Site Request Forgery (CSRF) Vulnerability CVE-2023-25463 WordPress wp tell a friend popup form Plugin <= 7.1 is vulnerable to Cross Site Request Forgery (CSRF)