CVE-2025-67593
WordPress UsersWP plugin <= 1.2.48 - Cross Site Request Forgery (CSRF) vulnerabilityCross-Site Request Forgery (CSRF) vulnerability in Stiofan UsersWP userswp allows Cross Site Request Forgery.This issue affects UsersWP: from n/a through <= 1.2.48.
We have discovered 1,328 live websites that are affected by CVE-2025-67593.
Affected Software
| Product |  Userswp |
| Category | Wordpress Plugins |
| Vulnerable Domains | 1,328 live websites (39% of Userswp install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 81 versions ( 88% of all versions) |
Details
- Published - Dec 9, 2025
- Updated - Apr 1, 2026
Credits
- daroo | Patchstack Bug Bounty Program (finder)
CVE References
Website Distribution by Country
Number of websites using CVE-2025-67593 United States | 452 websites |
 Germany | 123 websites |
 Italy | 97 websites |
 GB | 84 websites |
 France | 53 websites |
 Russia | 38 websites |
 Spain | 38 websites |
 Australia | 34 websites |
 Poland | 30 websites |
 South Africa | 29 websites |
Website Distribution by TLD
Number of websites using CVE-2025-67593| .com | 533 websites |
| .org | 116 websites |
| .it | 67 websites |
| .de | 59 websites |
| .co.uk | 45 websites |
| .net | 40 websites |
| .ru | 31 websites |
| .pl | 25 websites |
| .fr | 22 websites |
| .ca | 21 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-67593
Top websites that are affected by CVE-2025-67593. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***************.org | United States | *,*** | |
| *********.com | United States | **,*** | |
| ********.com | United States | ***,*** | |
| **.today | United States | ***,*** | |
| ******.com | United States | ***,*** | |
| ************.com | United States | ***,*** | |
| *****.org | United States | ***,*** | |
| *********.com | United States | ***,*** | |
| ******.org | Germany | ***,*** | |
| **********.org | United States | ***,*** |