CVE-2025-22595
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yamna Khawaja Mailing Group Listserv wp-mailing-group allows Reflected XSS.This issue affects Mailing Group Listserv: from n/a through <= 2.0.9.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
The WordPress Mailing Group Listserv plugin <=2.0.9 has a Reflected XSS vulnerability due to improper input neutralization.
The vulnerability is a Reflected Cross-Site Scripting (XSS) found in the Mailing Group Listserv plugin for WordPress, affecting versions from n/a through 2.0.9. The root cause is improper neutralization of user input during web page generation, allowing an attacker to inject arbitrary web scripts or HTML [1].
To exploit this, an attacker must trick a privileged user into clicking a malicious link or visiting a crafted page. User interaction is required, and the attacker does not need prior authentication to the vulnerable site [1]. The attack can be initiated remotely without special network access.
Successful exploitation could allow the attacker to inject malicious scripts, such as redirects, advertisements, or other HTML payloads. These scripts execute in the context of the victim's browser when they visit the affected site, potentially leading to data theft, session hijacking, or defacement [1].
The vulnerability is patched in version 3.0.0 or later. Users are strongly advised to update immediately. Patchstack has also issued a mitigation rule to block attacks until an update is applied [1].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: <=2.0.9
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.