CVE-2025-1232: Site Reviews < 7.2.5 - Unauthenticated Stored XSS

Description

The Site Reviews WordPress plugin before 7.2.5 does not properly sanitise and escape some of its Review fields, which could allow unauthenticated users to perform Stored XSS attacks.

Classification

CVE ID: CVE-2025-1232

Problem Types

CWE-79 Cross-Site Scripting (XSS)

Affected Products

Vendor: Unknown

Product: Site Reviews

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 15.48% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-04-17 (date this score was calculated)

References

https://nvd.nist.gov/vuln/detail/CVE-2025-1232
https://wpscan.com/vulnerability/c4ea8357-ddd7-48ac-80c9-15b924715b14/

Timeline