CVE-2025-23852

Published Mar 3, 2025

Last updated a month ago

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-23852 is a reflected cross-site scripting (XSS) vulnerability in the First Comment Redirect WordPress plugin. It allows attackers to inject malicious scripts into web pages viewed by other users. Versions of the plugin up to and including 1.0.3 are affected. The vulnerability arises from improper neutralization of user input during web page generation. Exploitation could allow attackers to execute arbitrary scripts in the context of the vulnerable website, which could lead to session hijacking, website defacement, or the spread of malware.

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound First Comment Redirect allows Reflected XSS. This issue affects First Comment Redirect: from n/a through 1.0.3.
Source: audit@patchstack.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Secondary
Base score: 7.1
Impact score: 3.7
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Severity: HIGH

Weaknesses

audit@patchstack.com: CWE-79
