Cross-Site Scripting Vulnerability in Upcasted AWS S3 for WordPress Plugin
CVE-2025-22676

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Aws S3 For WordPress Plugin – Upcasted
Vendor: CVE Published:; 16 February 2025

Summary

A Cross-Site Scripting (XSS) vulnerability in the Upcasted AWS S3 for WordPress Plugin allows an attacker to inject malicious scripts through improper input validation. This can lead to stored XSS attacks, where the injected script is stored on the server and executed in the context of unsuspecting users. Affected versions include n/a up to 3.0.3. Securing your WordPress installation and keeping plugins updated is critical to mitigating the risk of such vulnerabilities.

Affected Version(s)

AWS S3 for WordPress Plugin – Upcasted <= 3.0.3

References

https://patchstack.com/database/wordpress/plugin/upcasted...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 16, 2025
Vulnerability Reserved
Jan 7, 2025

Credit

Abdi Pranata (Patchstack Alliance)