CVE-2025-22308
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Published Jan 7, 2025
CWE ID 79
Summary
CVE-2025-22308 is a Cross-site Scripting (XSS) vulnerability affecting the Smart Custom Fields plugin from versions n/a through 5.0.0. This issue allows attackers to inject malicious scripts into web pages viewed by other users, potentially stealing sensitive information or taking control of their sessions. The flaw occurs due to improper neutralization of user-supplied input during web page generation. Users are advised to update to the latest version of the plugin to mitigate this risk.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Vendors
- WordPress