CVE-2025-25169
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rachel Cherry Authors Autocomplete Meta Box authors-autocomplete-meta-box allows Reflected XSS.This issue affects Authors Autocomplete Meta Box: from n/a through <= 1.2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Reflected XSS vulnerability in WordPress Authors Autocomplete Meta Box plugin <=1.2 allows attackers to inject malicious scripts via crafted requests.
Vulnerability
Details The plugin fails to neutralize input during page generation, leading to a reflected cross-site scripting (XSS) vulnerability [1]. This affects versions <=1.2.
Exploitation
An attacker can craft a malicious link that, when clicked by a privileged user (e.g., admin), executes arbitrary JavaScript in the victim's browser [1]. No direct authentication is required as the XSS is reflected.
Impact
Successful exploitation allows the attacker to perform actions like redirecting users, injecting ads, or stealing session cookies [1].
Mitigation
Users should update to the latest patched version. A mitigation rule from Patchstack is available [1].
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.