Cross-Site Scripting Vulnerability in REAL WordPress Sidebar Plugin by ClickandSell
CVE-2025-23535

7.1HIGH

Key Information:

Vendor: Wordpress
Status: Real WordPress Sidebar
Vendor: CVE Published:; 22 January 2025

Summary

The REAL WordPress Sidebar by ClickandSell contains a vulnerability that allows for the improper neutralization of input during web page generation, leading to a Stored Cross-Site Scripting (XSS) issue. This vulnerability can be exploited by attackers to inject malicious scripts into web pages viewed by other users, potentially compromising user data and site integrity. It is crucial to ensure that your version of the plugin is updated to prevent any security breaches associated with this vulnerability.

Affected Version(s)

REAL WordPress Sidebar <= 0.1

References

https://patchstack.com/database/wordpress/plugin/drag-and...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 22, 2025
Vulnerability Reserved
Jan 16, 2025

Credit

Mika (Patchstack Alliance)