CVE-2025-26913

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Feb 25, 2025

CWE ID 79

Summary

CVE-2025-26913 is a Cross-site Scripting (XSS) vulnerability affecting AR For WordPress, a popular plugin used for creating and managing web-to-print solutions. The issue, categorized as an improper neutralization of input during web page generation, allows attackers to inject malicious scripts into the affected website's DOM. Successful exploitation of this vulnerability could lead to unauthorized access to user data or sessions, making it crucial for AR For WordPress users to update their plugin to a fixed version as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/3cusAZ
https://www.cve.org/CVERecord?id=CVE-2025-26913
https://nvd.nist.gov/vuln/detail/CVE-2025-26913

Back to Vulnerability Database

CVE-2025-26913

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations