CVE-2025-22778

High

Published: 15 January 2025

Published

15 January 2025

Modified

23 April 2026

KEV Added

—

Patch

—

CVSS Score 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

EPSS Score 0.0021 42.8th percentile

Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in damniel Lijit Search wp-lijit-wijit allows Reflected XSS.This issue affects Lijit Search: from n/a through <= 1.1.

Security Summary

CVE-2025-22778 is an Improper Neutralization of Input During Web Page Generation vulnerability, classified as Reflected Cross-site Scripting (XSS) under CWE-79, in the damniel Lijit Search WordPress plugin (wp-lijit-wijit). This issue affects the plugin from n/a through version 1.1 inclusive. The vulnerability was published on 2025-01-15T16:15:40.350 and carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L).

Attackers can exploit this vulnerability remotely over the network with low attack complexity, requiring no privileges but user interaction, such as clicking a malicious link. Exploitation changes the scope to the victim's browser context, enabling arbitrary script execution reflected in the web page. This can result in low impacts to confidentiality (e.g., limited data exposure), integrity (e.g., minor tampering), and availability.

The Patchstack advisory (https://patchstack.com/database/Wordpress/Plugin/wp-lijit-wijit/vulnerability/wordpress-lijit-search-plugin-1-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve) documents the Reflected XSS vulnerability in Lijit Search plugin version 1.1, providing details for WordPress security practitioners to assess exposure.

Details

CWE(s): CWE-79

References

https://patchstack.com/database/Wordpress/Plugin/wp-lijit-wijit/vulnerability/wordpress-lijit-search-plugin-1-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve
audit@patchstack.com