CVE-2025-22772
Published: 22 January 2025
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in stephanemartinw Mapbox for WP Advanced mapbox-for-wp-advanced allows Reflected XSS.This issue affects Mapbox for WP Advanced: from n/a through <= 1.0.0.
Security Summary
CVE-2025-22772 is an Improper Neutralization of Input During Web Page Generation vulnerability, classified as Reflected Cross-site Scripting (XSS) under CWE-79, in the Mapbox for WP Advanced WordPress plugin by stephanemartinw (mapbox-for-wp-advanced). This issue affects all versions from n/a through 1.0.0, as published on 2025-01-22.
The vulnerability has a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L), indicating exploitation is possible remotely over the network by an unauthenticated attacker with low complexity but requiring user interaction, such as visiting a maliciously crafted webpage or clicking a link. Successful exploitation allows execution of arbitrary scripts in the context of the affected site, potentially leading to low-level impacts on confidentiality, integrity, and availability with a changed scope affecting associated resources.
Patchstack's advisory at the provided reference details the Reflected XSS vulnerability in Mapbox for WP Advanced version 1.0.0, serving as a key resource for practitioners assessing exposure and remediation in WordPress environments.
Details
- CWE(s)