Reflected Cross-Site Scripting Vulnerability in vbout Marketing Automation
CVE-2025-22631

7.1HIGH

Key Information:

Vendor: Vbout
Status: Marketing Automation
Vendor: CVE Published:; 23 February 2025

Summary

The vbout Marketing Automation product has a vulnerability that allows for reflected cross-site scripting (XSS). This occurs due to improper neutralization of input during web page generation. Attackers can exploit this flaw, impacting users by injecting malicious scripts into web pages. The vulnerability affects all versions of the Marketing Automation product from n/a to 1.2.6.8, posing security risks to users if left unaddressed.

Affected Version(s)

Marketing Automation <= 1.2.6.8

References

https://patchstack.com/database/wordpress/plugin/marketin...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 23, 2025
Vulnerability Reserved
Jan 7, 2025

Credit

João Pedro S Alcântara (Kinorth) (Patchstack Alliance)