CVE-2025-23438

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Jan 16, 2025
CWE ID 79

Summary

CVE-2025-23438 is a Cross-site Scripting (XSS) vulnerability affecting the WP PT-Viewer plugin for WordPress. The flaw, located in the plugin's web page generation process, enables attackers to inject malicious scripts into a page viewed by other users. Successful exploitation could lead to unauthorized access to user data or sessions, potentially resulting in serious privacy concerns or account takeover. Affected versions of WP PT-Viewer include those from the unspecified version n/a through 2.0.2. Users are advised to upgrade to a secure version as soon as possible to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share