CVE-2025-26552

CVSS 3.1 Score 7.1 of 10 (high)

Details

Published Feb 13, 2025

CWE ID 79

Summary

CVE-2025-26552 is a Cross-Site Scripting (XSS) vulnerability affecting Naver Syndication V2. The issue lies in the improper neutralization of user input during web page generation, allowing attackers to inject malicious scripts into web pages viewed by other users. This stored XSS vulnerability can be exploited to steal user data or take control of their sessions, posing a significant security risk. Naver Syndication V2 versions from n/a through 0.8.3 are affected, and users are advised to update to a patched version as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

WordPress

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/3S7FJB
https://www.cve.org/CVERecord?id=CVE-2025-26552
https://nvd.nist.gov/vuln/detail/CVE-2025-26552

Back to Vulnerability Database

CVE-2025-26552

CVSS 3.1 Score 7.1 of 10 (high)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations