CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2025-24810: Cross-site scripting vulnerability exists in Simple Image Sizes 3.2.3 and earlier. If this vulnerability is exploited, an arbitrary script may be...

4.8 CVSS

Description

Cross-site scripting vulnerability exists in Simple Image Sizes 3.2.3 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege and accessing the settings screen.

Classification

CVE ID: CVE-2025-24810

CVSS Base Severity: MEDIUM

CVSS Base Score: 4.8

Affected Products

Vendor: Rahe

Product: Simple Image Sizes

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.77% (scored less or equal to compared to others)

EPSS Date: 2025-02-27 (when was this score calculated)

References

https://wordpress.org/plugins/simple-image-sizes/#developers
https://jvn.jp/en/jp/JVN88046370/

Timeline

2025-01-29 10:30:11 UTC
CVE

Cross-site scripting vulnerability exists in Simple Image Sizes 3.2.3 and earlier. If this vulnerability is exploited, an arbitrary script may be...