Cross-Site Scripting Vulnerability in FM Notification Bar by Prem Tiwari
CVE-2025-22641

5.9MEDIUM

Key Information:

Vendor: WordPress
Status: Fm Notification Bar
Vendor: CVE Published:; 4 February 2025

What is CVE-2025-22641?

The FM Notification Bar plugin, developed by Prem Tiwari, contains a vulnerability that allows for Stored Cross-Site Scripting (XSS) attacks. This occurs due to improper handling of user input during the web page generation process. Attackers can potentially exploit this flaw to inject malicious scripts, which may compromise the security of the user’s session and data. This vulnerability affects versions of the FM Notification Bar plugin from n/a up to 1.0.2, allowing attackers to carry out unauthorized actions on behalf of users.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

FM Notification Bar <= 1.0.2

References

https://patchstack.com/database/wordpress/plugin/fm-notif...

vdb-entry

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 4, 2025
Vulnerability Reserved
Jan 7, 2025

Credit

Pham Van Tam (Patchstack Alliance)

JSON

WordPress