Cyber Posture

CVE-2025-24630

High

Published: 03 February 2025

Published
03 February 2025
Modified
23 April 2026
KEV Added
Patch
CVSS Score 7.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
EPSS Score 0.0006 17.2th percentile
Risk Priority 14 60% EPSS · 20% KEV · 20% CVSS

Description

Adversaries may abuse various implementations of JavaScript for execution.

Security Summary

CVE-2025-24630 is an improper neutralization of input during web page generation vulnerability, enabling reflected cross-site scripting (XSS) as classified under CWE-79, in the MantraBrain Sikshya LMS WordPress plugin. This issue affects all versions of Sikshya LMS from n/a through 0.0.21 inclusive. The vulnerability carries a CVSS v3.1 base score of 7.1, with vector AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L, and was published on 2025-02-03T15:15:27.730.

Unauthenticated attackers accessible over the network can exploit this vulnerability with low attack complexity, though it requires user interaction, such as a victim clicking a malicious link. Exploitation changes the security scope and allows limited impacts on confidentiality, integrity, and availability, typically enabling arbitrary JavaScript execution in the victim's browser context.

Mitigation details are available in the Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/sikshya/vulnerability/wordpress-sikshya-lms-plugin-0-0-21-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve.

Details

CWE(s)
CWE-79

MITRE ATT&CK Enterprise Techniques

T1204.001 Malicious Link Execution
An adversary may rely upon a user clicking a malicious link in order to gain execution.
attack.mitre.org →
T1059.007 JavaScript Execution
Adversaries may abuse various implementations of JavaScript for execution.
attack.mitre.org →
Why these techniques?

The reflected XSS vulnerability is directly exploited via a malicious link requiring user interaction, enabling arbitrary JavaScript execution in the victim's browser context.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

References