Reflected Cross-Site Scripting in Jabbernotification Plugin for WordPress
CVE-2025-13622

6.1MEDIUM

Key Information:

Vendor

WordPress
Status
Jabbernotification
Vendor
CVE Published:
5 December 2025

What is CVE-2025-13622?

The Jabbernotification plugin for WordPress has a vulnerability that allows for Reflected Cross-Site Scripting due to inadequate input sanitization and output escaping. Attackers can exploit this flaw by tricking users into clicking malicious links, leading to the injection of arbitrary web scripts. All versions up to and including 0.99-RC2 are affected, making it crucial for website administrators to implement appropriate security measures to mitigate potential exploitation.

Affected Version(s)

Jabbernotification * <= 0.99-RC2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://wordpress.org/plugins/jabberbenachrichtigung/
https://plugins.trac.wordpress.org/browser/jabberbenachri...

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Abdulsamad Yusuf
JSON
.
CVE-2025-13622 : Reflected Cross-Site Scripting in Jabbernotification Plugin for WordPress