Reflected Cross-site Scripting Vulnerability in Social Pug: Author Box by iova.mihai
CVE-2025-22706

7.1HIGH

Key Information:

Vendor: WordPress
Status: Social Pug: Author Box
Vendor: CVE Published:; 21 January 2025

What is CVE-2025-22706?

A reflected Cross-site Scripting (XSS) vulnerability exists in the Social Pug: Author Box plugin by iova.mihai, affecting versions up to 1.0.0. This vulnerability arises due to improper handling of user input during web page generation, allowing attackers to inject malicious scripts into the affected application. When exploited, this issue can lead to unauthorized access and manipulation of user data, compromising the security and integrity of the affected WordPress site.

Affected Version(s)

Social Pug: Author Box <= 1.0.0

References

https://patchstack.com/database/wordpress/plugin/social-p...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 21, 2025
Vulnerability Reserved
Jan 7, 2025

Credit

SOPROBRO (Patchstack Alliance)