CVE-2025-22685: 
WordPress vulnerability analysis and mitigation

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in CheGevara Tags to Keywords WordPress plugin, identified as CVE-2025-22685. The vulnerability affects versions through 1.0.1 of the Tags to Keywords plugin and was discovered by security researcher Abdi Pranata. The issue was publicly disclosed on January 31, 2025, and was last updated on February 3, 2025 (Patchstack).

The vulnerability has been assigned a CVSS v3.1 base score of 7.1 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The issue is classified under CWE-352 (Cross-Site Request Forgery) and allows for Stored XSS attacks. The vulnerability requires no authentication to exploit and has been categorized as having low attack complexity (NVD, Patchstack).

This vulnerability could allow malicious actors to force higher privileged users to execute unwanted actions under their current authentication. The combination of CSRF with Stored XSS capabilities increases the potential impact on affected systems (Patchstack).

The vulnerability has been fixed in version 1.0.2 of the Tags to Keywords plugin. Users are advised to update to version 1.0.2 or later to remove the vulnerability. Patchstack users can enable auto-update for vulnerable plugins as an additional security measure (Patchstack).