CVE-2025-22793
Published: 15 January 2025
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bold Bold pagos en linea bold-pagos-en-linea allows DOM-Based XSS.This issue affects Bold pagos en linea: from n/a through <= 3.1.4.
Security Summary
CVE-2025-22793 is an Improper Neutralization of Input During Web Page Generation vulnerability, classified as DOM-based Cross-site Scripting (XSS, CWE-79), in the Bold Pagos en Línea WordPress plugin (bold-pagos-en-linea). This issue affects all versions from n/a through 3.1.4 and was published on 2025-01-15. The vulnerability carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L), indicating high severity due to its network accessibility and scope change.
Unauthenticated remote attackers can exploit this vulnerability over the network with low attack complexity, though it requires user interaction such as clicking a malicious link. Exploitation enables script execution in the victim's browser context within the affected plugin, potentially compromising low levels of confidentiality, integrity, and availability impacts across a changed scope.
The Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/bold-pagos-en-linea/vulnerability/wordpress-bold-pagos-en-linea-plugin-3-1-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve documents this vulnerability in the WordPress plugin context.
Details
- CWE(s)