CVE-2025-64232
Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in icopydoc Import from YML import-from-yml allows Reflected XSS.This issue affects Import from YML: from n/a through <= 3.1.17.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Reflected XSS vulnerability in WordPress Import from YML plugin (<=3.1.17) allows attackers to inject malicious scripts via crafted requests.
Vulnerability
Description The Import from YML plugin for WordPress versions up to and including 3.1.17 contains a reflected cross-site scripting (XSS) vulnerability due to improper neutralization of user input during page generation. [1]
Exploitation
Details An attacker can exploit this vulnerability by crafting a malicious URL or form that, when interacted with by a user (e.g., clicking a link), injects arbitrary JavaScript into the web page. The vulnerability requires user interaction, meaning an administrator or other user must perform an action such as clicking a link. [1]
Impact
Successful exploitation allows the attacker to execute malicious scripts in the context of the affected site. This can lead to redirects, injection of advertisements, or theft of sensitive information like session cookies, potentially compromising the entire WordPress installation. [1]
Mitigation
The vendor has released version 4.0.0 to fix the vulnerability. Users are strongly advised to update immediately. Patchstack also offers a mitigation rule for those unable to update immediately. [1]
AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: <=3.1.17
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.