Medium severity5.9NVD Advisory· Published Aug 20, 2025· Updated Apr 23, 2026

CVE-2025-49392

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themifyme Themify Audio Dock themify-audio-dock allows Stored XSS.This issue affects Themify Audio Dock: from n/a through <= 2.0.5.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Themify Audio Dock plugin <=2.0.5 has a Stored XSS vulnerability allowing attackers to inject malicious scripts via improperly neutralized input.

The Themify Audio Dock WordPress plugin (versions 2.0.5 and earlier) fails to properly sanitize user input during page generation, leading to a stored cross-site scripting (XSS) vulnerability. This means that input provided by an attacker is not neutralized before being stored and later displayed to other users, enabling script injection [1].

References

Cross Site Scripting (XSS) in WordPress Themify Audio Dock Plugin

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

WordPress/Themify Audio Dockllm-fuzzy
Range: <=2.0.5
Package: https://wordpress.org/plugins/themify-audio-dock

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

patchstack.com/database/Wordpress/Plugin/themify-audio-dock/vulnerability/wordpress-themify-audio-dock-plugin-2-0-5-cross-site-scripting-xss-vulnerabilitynvd

News mentions

No linked articles in our index yet.

cvss	0.384
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000