Reflected Cross-site Scripting Vulnerability in WP Intro.JS
CVE-2025-23576

7.1HIGH

Key Information:

Vendor: WordPress
Status: WP Intro.js
Vendor: CVE Published:; 3 March 2025

Summary

A vulnerability in WP Intro.JS, specifically in the input handling during web page generation, enables attackers to execute reflected cross-site scripting (XSS) attacks. This poses a significant risk as it allows the injection of malicious scripts that can affect users who visit the compromised web pages. Users of WP Intro.JS versions from n/a to 1.1 should be aware of this security flaw and take steps to mitigate risks associated with this vulnerability.

Affected Version(s)

WP Intro.JS <= 1.1

References

https://patchstack.com/database/wordpress/plugin/wp-intro...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 3, 2025
Vulnerability Reserved
Jan 16, 2025

Credit

João Pedro S Alcântara (Kinorth) (Patchstack Alliance)