CVE-2025-22308

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Jan 7, 2025
CWE ID 79

Summary

CVE-2025-22308 is a Cross-site Scripting (XSS) vulnerability affecting the Smart Custom Fields plugin from versions n/a through 5.0.0. This issue allows attackers to inject malicious scripts into web pages viewed by other users, potentially stealing sensitive information or taking control of their sessions. The flaw occurs due to improper neutralization of user-supplied input during web page generation. Users are advised to update to the latest version of the plugin to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share