CVE-2025-26904

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Feb 25, 2025

CWE ID 79

Summary

CVE-2025-26904 is a Cross-site Scripting (XSS) vulnerability affecting WP Responsive Auto Fit Text, a plugin used for adjusting text size to fit webpages. The flaw, which is classified as an improper neutralization of input during web page generation issue, enables attackers to inject malicious scripts into webpages viewed by other users. This can lead to data theft, unauthorized account access, or other malicious activities. The vulnerability affects versions of WP Responsive Auto Fit Text from n/a through 0.2. Users are advised to update to a patched version immediately to mitigate the risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/3cudYt
https://www.cve.org/CVERecord?id=CVE-2025-26904
https://nvd.nist.gov/vuln/detail/CVE-2025-26904

Back to Vulnerability Database

CVE-2025-26904

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations