CVE-2025-23492

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Feb 14, 2025

CWE ID 79

Summary

CVE-2025-23492 is a Cross-site Scripting (XSS) vulnerability affecting the CantonBolo WordPress 淘宝客 plugin. This issue stems from improper neutralization of user inputs during web page generation. An attacker can exploit this flaw to inject malicious scripts into a targeted user's web browser. The vulnerability is present in the plugin from versions n/a through 1.1.2, posing a threat to those using outdated software. To mitigate the risk, it is strongly recommended that users update their plugins to the latest version and maintain secure coding practices.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2haFH_
https://www.cve.org/CVERecord?id=CVE-2025-23492
https://nvd.nist.gov/vuln/detail/CVE-2025-23492

Back to Vulnerability Database

CVE-2025-23492

CVSS 3.1 Score 7.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations