CVE-2025-24559

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Feb 3, 2025
Updated: Feb 11, 2025
CWE ID 79

Summary

CVE-2025-24559 is a Cross-site Scripting (XSS) vulnerability affecting WP Mailster, a popular WordPress mailing list plugin. The flaw, which permits Reflected XSS, arises from improper neutralization of user input during web page generation. It affects WP Mailster versions from n/a (no starting version specified) through 1.8.15.0, posing a significant risk to websites that use this plugin and have not yet applied the necessary security patch. Successful exploitation could lead to unauthorized script execution in users' web browsers, potentially exposing sensitive information or enabling various attacks. It is essential for WP Mailster users to update their installations promptly to mitigate this risk.
