CVE-2025-24688

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Feb 14, 2025

CWE ID 79

Summary

CVE-2025-24688 is a Cross-site Scripting (XSS) vulnerability affecting WP Mailster, a plug-in used for newsletter management in WordPress. The flaw, located in the process of generating web pages, allows malicious scripts to be injected and executed in users' browsers. This issue can lead to unauthorized access to sensitive information or the stealing of cookies, potentially putting the integrity and confidentiality of user data at risk. WP Mailster versions from n/a through 1.8.20.0 are reportedly vulnerable to this vulnerability. Users are advised to update their plug-in as soon as possible to mitigate the threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/2umsDy
https://www.cve.org/CVERecord?id=CVE-2025-24688
https://nvd.nist.gov/vuln/detail/CVE-2025-24688

Back to Vulnerability Database

CVE-2025-24688

CVSS 3.1 Score 7.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations