CVE-2025-53313 HIGH

CVE-2025-53313: WordPress Twitch TV Embed Suite plugin <= 2.1.0 - Cross Site Request Forgery (CSRF) Vulnerability

Vendor Plumwd
Product Twitch TV Embed Suite
Weakness CWE-352 · CSRF
Published June 27, 2025
Last update April 28, 2026

CVSS base score

7.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01 Description

Cross-Site Request Forgery (CSRF) vulnerability in plumwd Twitch TV Embed Suite (twitch-tv-embed-suite) allows Stored XSS. This issue affects Twitch TV Embed Suite: from n/a through 2.1.0 (inclusive).

Explanation of Vulnerability in Simple Terms

02 Summary

The Twitch TV Embed Suite contains a cross-site request forgery (CSRF) vulnerability that allows an attacker to perform unwanted actions on behalf of a site visitor. An attacker can craft a malicious page that, when visited by a logged-in user, triggers unintended changes to the plugin's settings or configuration. The vulnerability affects all versions up to and including 2.1.0 and requires user interaction to exploit.

What an attacker can do

03 Attacker Capabilities

Perform unwanted actions on the site (change settings, modify configuration) on behalf of a logged-in user.

Potential impact on your site

04 Site Impact

An attacker can trick your users into changing plugin settings or configuration without their knowledge.

Conditions required to exploit

05 Prerequisites

A logged-in site user must visit an attacker-controlled page or click a malicious link.

Key dates

06 Disclosure timeline

June 27, 2025 CVE published
April 28, 2026 Record updated
