CVE-2025-23682
Published: 22 January 2025
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bhuvnesh Gupta Preloader Quotes preloader-quotes allows Reflected XSS. This issue affects Preloader Quotes: from n/a through <= 1.0.0.
Security Summary
CVE-2025-23682 is an Improper Neutralization of Input During Web Page Generation vulnerability, classified as Reflected Cross-site Scripting (CWE-79), in the Preloader Quotes WordPress plugin developed by Bhuvnesh Gupta. The plugin, identified as preloader-quotes, is affected in all versions up to and including 1.0.0.
The vulnerability carries a CVSS v3.1 base score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L). A remote attacker needs no privileges and can exploit it over the network with low complexity, but a user must interact, for example by following a malicious link whose input is reflected into the web page. Successful exploitation executes script in the victim's browser context, with changed scope and low impact on confidentiality, integrity, and availability.
Patchstack has documented the issue in its vulnerability database for the WordPress Preloader Quotes plugin version 1.0.0. Security practitioners should review the advisory at https://patchstack.com/database/Wordpress/Plugin/preloader-quotes/vulnerability/wordpress-preloader-quotes-plugin-1-0-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve for mitigation details.
Details
- CWE(s)