Reflected Cross-Site Scripting Vulnerability in WP-Asambleas by Platcom
CVE-2025-22796

7.1HIGH

Key Information:

Vendor: WordPress
Status: WP-asambleas
Vendor: CVE Published:; 17 April 2025

What is CVE-2025-22796?

The WP-Asambleas plugin by Platcom is vulnerable to a reflected Cross-site Scripting (XSS) attack due to improper neutralization of user input during web page generation. This flaw allows attackers to execute arbitrary JavaScript in the context of users' browsers, potentially leading to data theft, session hijacking, or other malicious activities. Affected versions include all versions up to and including 2.85.0, making it crucial for users to update to secure their websites.

Affected Version(s)

WP-Asambleas <= 2.85.0

References

https://patchstack.com/database/wordpress/plugin/wp-asamb...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 17, 2025
Vulnerability Reserved
Jan 7, 2025

Credit

LVT-tholv2k (Patchstack Alliance)