CVE-2025-1525
CVSS 3.1 Score 3.5 of 10 (low)
Details
Summary
CVE-2025-1525 is a vulnerability affecting the Ultimate Dashboard plugin for WordPress before version 3.8.6. The plugin fails to sanitize and escape certain settings, which permits high-privilege users, including admins, to carry out Stored Cross-Site Scripting attacks even where the unfiltered_html capability is disallowed, as is typical in multisite configurations. This flaw poses a significant security risk, as an attacker could inject malicious scripts into a website, leading to unauthorized access or data theft.
Affected Products
- Davidvongries Ultimate Dashboard