CVE-2025-52781 - Vulnerability Details

Cross-Site Request Forgery (CSRF) vulnerability in Beee TinyNav tinynav allows Stored XSS.This issue affects TinyNav: from n/a through <= 1.4.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00025.

No data.

References

Link	Providers
https://patchstack.com/database/Wordpress/Plugin/tinynav/vulnerability/wordpress-tinynav-plugin-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

History

Wed, 01 Apr 2026 23:45:00 +0000

Type	Values Removed	Values Added
Description	Cross-Site Request Forgery (CSRF) vulnerability in Beee TinyNav allows Stored XSS. This issue affects TinyNav: from n/a through 1.4.	Cross-Site Request Forgery (CSRF) vulnerability in Beee TinyNav tinynav allows Stored XSS.This issue affects TinyNav: from n/a through <= 1.4.
References	https://patchstack.com/database/wordpress/plugin/tinynav/vulnerability/wordpress-tinynav-plugin-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve	https://patchstack.com/database/Wordpress/Plugin/tinynav/vulnerability/wordpress-tinynav-plugin-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
Metrics	cvssV3_1 `{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}`

Mon, 23 Jun 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 20 Jun 2025 15:15:00 +0000

Type	Values Removed	Values Added
Description		Cross-Site Request Forgery (CSRF) vulnerability in Beee TinyNav allows Stored XSS. This issue affects TinyNav: from n/a through 1.4.
Title		WordPress TinyNav plugin <= 1.4 - Cross Site Request Forgery (CSRF) Vulnerability
Weaknesses		CWE-352
References		https://patchstack.com/database/wordpress/plugin/tinynav/vulnerability/wordpress-tinynav-plugin-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve
Metrics		cvssV3_1 `{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}`

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2025-06-20T15:03:45.299Z

Updated: 2026-04-01T15:56:15.288Z

Reserved: 2025-06-19T10:03:15.195Z

Link: CVE-2025-52781

Vulnrichment

Updated: 2025-06-23T16:13:03.089Z

NVD

Status : Awaiting Analysis

Published: 2025-06-20T15:15:33.373

Modified: 2026-04-01T17:25:40.723

Link: CVE-2025-52781

Redhat

No data.

OpenCVE Enrichment

No data.

Metrics