CVE-2025-52792

EUVD-2025-28467 | HIGH 7.1 (CVSS 3.1)
2025-06-20 [email protected]

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed
Confidentiality: Low
Integrity: Low
Availability: Low

Lifecycle Timeline

EUVD ID Assigned: Mar 15, 2026 00:19 (euvd), EUVD-2025-28467
Analysis Generated: Mar 15, 2026 00:19 (vuln.today)
CVE Published: Jun 20, 2025 15:15 (nvd)

Description

Cross-Site Request Forgery (CSRF) vulnerability in vgstef WP User Stylesheet Switcher allows Stored XSS. This issue affects WP User Stylesheet Switcher: from n/a through v2.2.0.

Analysis

CVE-2025-52792 is a Cross-Site Request Forgery (CSRF) vulnerability in the vgstef WP User Stylesheet Switcher WordPress plugin (versions up to v2.2.0) that enables Stored XSS. An unauthenticated attacker needs no account of their own: the forged request is issued over the network from the browser of an already-authenticated user who is induced to interact with attacker-controlled content, and it injects script that is stored and later executes in other visitors' browsers, potentially compromising user sessions and data. The vulnerability has not been confirmed as actively exploited in the wild, though the high CVSS score (7.1) and network-accessible attack vector indicate practical exploitability.

Technical Context

WP User Stylesheet Switcher is a WordPress plugin that allows users to switch between different stylesheets. The vulnerability stems from inadequate CSRF token validation (CWE-352: Cross-Site Request Forgery) combined with insufficient input sanitization that permits Stored XSS injection. The plugin fails to properly implement WordPress's nonce verification mechanisms, so a request forged from another origin and submitted by a logged-in user's browser can modify plugin settings or user data without that user's explicit authorization. Because the XSS is stored, the payload persists in the database and executes whenever affected pages are rendered, affecting every user who views the compromised content. The CPE identifier would be: cpe:2.3:a:vgstef:wp_user_stylesheet_switcher:*:*:*:*:*:wordpress:*:* (versions through 2.2.0).
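To make the two missing controls concrete, the following added example (illustrative code, not the plugin's own source, and not a claim about how vgstef's code is written) shows a hypothetical settings handler for a stylesheet-related option first without nonce verification or sanitization, then hardened with WordPress's standard primitives. All `hypo_` function, option and field names are assumptions; `wp_nonce_field()`, `check_admin_referer()`, `current_user_can()`, `sanitize_text_field()`, `wp_unslash()`, `update_option()`, `esc_attr()` and `esc_html()` are real WordPress API functions.

```php
<?php
// Added illustration, not the plugin's code. A hypothetical "custom label"
// option for a stylesheet switcher, saved from an admin form.

// --- Vulnerable pattern (the class of defect described in the advisory):
// no nonce check, no capability check, value stored verbatim.
function hypo_save_stylesheet_setting_vulnerable() {
    if ( isset( $_POST['hypo_custom_css_label'] ) ) {
        // A cross-origin form auto-submitted by a logged-in admin's browser
        // reaches this line unchallenged, and whatever it sends (including
        // <script> markup) is persisted; unescaped output later = stored XSS.
        update_option( 'hypo_custom_css_label', $_POST['hypo_custom_css_label'] );
    }
}

// --- Hardened pattern.

// Form emitted by the admin page. wp_nonce_field() adds the nonce and the
// referer field that check_admin_referer() verifies on submit.
function hypo_render_settings_form() {
    ?>
    <form method="post" action="">
        <?php wp_nonce_field( 'hypo_save_stylesheet', 'hypo_nonce' ); ?>
        <input type="text" name="hypo_custom_css_label"
               value="<?php echo esc_attr( get_option( 'hypo_custom_css_label', '' ) ); ?>">
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

function hypo_save_stylesheet_setting_hardened() {
    if ( ! isset( $_POST['hypo_custom_css_label'] ) ) {
        return;
    }

    // 1. Authorization: only users who may manage options can change it.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges.', '', array( 'response' => 403 ) );
    }

    // 2. CSRF defense: the nonce is tied to this action, this site and this
    //    user's session. A form served from another origin cannot obtain a
    //    valid one, so a forged request dies here before any write.
    check_admin_referer( 'hypo_save_stylesheet', 'hypo_nonce' );

    // 3. Sanitize on write: strip tags and control characters so only plain
    //    text is persisted.
    $label = sanitize_text_field( wp_unslash( $_POST['hypo_custom_css_label'] ) );
    update_option( 'hypo_custom_css_label', $label );
}

// 4. Escape on output as well. Sanitize-on-write and escape-on-read are
//    independent layers; a value stored before the fix would otherwise still
//    render as markup.
function hypo_render_label() {
    echo esc_html( get_option( 'hypo_custom_css_label', '' ) );
}

add_action( 'admin_init', 'hypo_save_stylesheet_setting_hardened' );
```

The nonce check alone closes the CSRF path; the sanitization and output escaping close the XSS path even if a request arrives through some other route. Auditing a plugin for this class of issue means locating every handler that writes to options or user data and confirming that all three of capability check, nonce verification and context-appropriate escaping are present.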

Affected Products

WP User Stylesheet Switcher (All versions from initial release through v2.2.0)

Remediation

Patch: Navigate to WordPress admin > Plugins > Installed Plugins, locate WP User Stylesheet Switcher, and click Update if an update is available.
Mitigation (if no patch is available): WordPress admin > Plugins > Installed Plugins > Deactivate WP User Stylesheet Switcher.
Defense in Depth: Use security plugins (e.g., Wordfence, Sucuri) to monitor for exploitation attempts and to enforce nonce validation site-wide.
Monitoring: Review WordPress user activity logs and plugin settings for anomalies post-disclosure.

Priority Score: 36

KEV: 0
EPSS: +0.0
CVSS: +36
POC: 0
