CVE-2025-23492
Published: 14 February 2025
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CantonBolo WordPress 淘宝客插件 taobaoke allows Reflected XSS.This issue affects WordPress 淘宝客插件: from n/a through <= 1.1.2.
Security Summary
CVE-2025-23492 is an Improper Neutralization of Input During Web Page Generation vulnerability, classified as Reflected Cross-site Scripting (XSS) under CWE-79, affecting the CantonBolo WordPress 淘宝客插件 taobaoke. This issue impacts all versions of the plugin from n/a through 1.1.2. The vulnerability was published on 2025-02-14T13:15:43.573 and carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L).
Attackers can exploit this vulnerability remotely over the network with low attack complexity, requiring no privileges but user interaction, such as clicking a malicious link. Exploitation changes the security scope and results in low impacts to confidentiality, integrity, and availability, typically allowing execution of arbitrary scripts in the victim's browser context.
Patchstack documents this Reflected XSS vulnerability in their database entry for the taobaoke WordPress plugin version 1.1.2, available at https://patchstack.com/database/Wordpress/Plugin/taobaoke/vulnerability/wordpress-plugin-1-1-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve.
Details
- CWE(s)