CVE-2025-27323

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Feb 24, 2025

CWE ID 79

Summary

CVE-2025-27323 is a Cross-site Scripting (XSS) vulnerability affecting WP About Author, a WordPress plugin. The flaw, which enables DOM-Based XSS, arises due to improper neutralization of user input during web page generation. This issue puts websites using WP About Author versions 1.5 and below at risk, allowing attackers to inject malicious scripts and potentially steal user data or take control of the affected site. Users are urged to update to the latest plugin version or consider disabling the plugin until a fix is available.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/3lypZh
https://www.cve.org/CVERecord?id=CVE-2025-27323
https://nvd.nist.gov/vuln/detail/CVE-2025-27323

Back to Vulnerability Database

CVE-2025-27323

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations