CVE-2025-22355

High

Published: 07 January 2025

Published

07 January 2025

Modified

23 April 2026

KEV Added

—

Patch

—

CVSS Score 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

EPSS Score 0.0018 38.9th percentile

Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in asokaaso2 Kikx Simple Post Author Filter sa-post-author-filter allows Reflected XSS.This issue affects Kikx Simple Post Author Filter: from n/a through <= 1.0.

Security Summary

CVE-2025-22355 is an Improper Neutralization of Input During Web Page Generation vulnerability, classified as Reflected Cross-site Scripting (XSS) under CWE-79, in the Kikx Simple Post Author Filter WordPress plugin (sa-post-author-filter). This issue affects all versions of the plugin from n/a through 1.0 inclusive.

The vulnerability carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L), indicating network accessibility, low attack complexity, no required privileges, and user interaction such as clicking a malicious link. Remote attackers can exploit it by injecting malicious payloads into web pages generated by the plugin, leading to script execution in the context of a victim's browser. This enables potential theft of session cookies, keystroke logging, or page defacement, with low impacts to confidentiality, integrity, and availability but changed scope.

Patchstack documents this vulnerability in their WordPress plugin database, highlighting the Reflected XSS risk in Kikx Simple Post Author Filter version 1.0.

Details

CWE(s): CWE-79

References

https://patchstack.com/database/Wordpress/Plugin/sa-post-author-filter/vulnerability/wordpress-kikx-simple-post-author-filter-plugin-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
audit@patchstack.com