CVE-2025-3809

CVSS 3.1 Score 7.2 of 10 (high)

Details

Published Apr 19, 2025

Updated: Apr 21, 2025

CWE ID 79

Summary

CVE-2025-3809 is a Stored Cross-Site Scripting (XSS) vulnerability affecting the Debug Log Manager plugin for WordPress. This issue, present in all versions up to 2.3.4, arises due to insufficient input sanitization and output escaping in the plugin's auto-refresh debug log feature. Consequently, unauthenticated attackers can inject arbitrary web scripts into pages. Upon accessing an injected page by any user, these scripts will be executed, potentially leading to unintended actions or data disclosure.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/5Vcoy1
https://www.cve.org/CVERecord?id=CVE-2025-3809
https://nvd.nist.gov/vuln/detail/CVE-2025-3809

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners

CVE-2025-3809

CVSS 3.1 Score 7.2 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations