Unrated severityNVD Advisory· Published Mar 25, 2025· Updated Mar 25, 2025
Favorites < 2.3.5 - Admin+ Stored XSS
CVE-2025-1452
Description
The Favorites WordPress plugin before 2.3.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2(expand)+ 1 more
- (no CPE)
- (no CPE)range: <2.3.5
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/47365daf-7ef5-471a-ab0e-f6d1b40ca56c/mitreexploitvdb-entrytechnical-description
News mentions
0No linked articles in our index yet.