Stored Cross-site Scripting Vulnerability in Scroll Top Advanced Plugin by Nasir
CVE-2025-23444

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Scroll Top Advanced
Vendor: CVE Published:; 16 January 2025

What is CVE-2025-23444?

The Scroll Top Advanced plugin by Nasir is susceptible to a Stored Cross-site Scripting (XSS) vulnerability, which arises from improper handling of user inputs during web page generation. This flaw enables attackers to inject malicious scripts that can execute in the context of a victim's browser, potentially leading to unauthorized actions, data theft, or defacement. It is critical for users of versions up to 2.5 to take immediate steps to secure their websites against this exploit.

Affected Version(s)

Scroll Top Advanced <= 2.5

References

https://patchstack.com/database/wordpress/plugin/scroll-t...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 16, 2025
Vulnerability Reserved
Jan 16, 2025

Credit

SOPROBRO (Patchstack Alliance)