CVE-2025-24730

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Jan 24, 2025

CWE ID 79

Summary

CVE-2025-24730 is a Cross-site Scripting (XSS) vulnerability affecting Rextheme WP VR from versions n/a through 8.5.14. An attacker can exploit this Improper Neutralization of Input During Web Page Generation issue to inject malicious scripts into web pages viewed by other users, potentially stealing sensitive information or taking control of their sessions. This can lead to serious security risks and privacy breaches. Users are strongly advised to update their WP VR installations to a patched version as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Rextheme WP VR

Affected Vendors

RexTheme

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/2wcfx0
https://www.cve.org/CVERecord?id=CVE-2025-24730
https://nvd.nist.gov/vuln/detail/CVE-2025-24730

Back to Vulnerability Database