CVE-2025-22680

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Feb 16, 2025

CWE ID 79

Summary

CVE-2025-22680 is a Cross-site Scripting (XSS) vulnerability affecting the NotFound Ad Inserter Pro plugin from version n/a to 2.7.39. This issue arises due to improper neutralization of user input during web page generation, allowing attackers to inject malicious scripts into web pages viewed by other users. Exploitation of this vulnerability could lead to data theft, unauthorized account access, or other malicious activities. Users are strongly advised to update to the latest version of NotFound Ad Inserter Pro to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2RZlLg
https://www.cve.org/CVERecord?id=CVE-2025-22680
https://nvd.nist.gov/vuln/detail/CVE-2025-22680

Back to Vulnerability Database

CVE-2025-22680

CVSS 3.1 Score 7.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations