Stored XSS Vulnerability in Rollover Tab by Eiji Yamada
CVE-2025-23863
6.5 MEDIUM
What is CVE-2025-23863?
The Rollover Tab plugin developed by Eiji ‘Sabaoh’ Yamada contains a Stored Cross-site Scripting (XSS) vulnerability. The flaw arises from improper handling of user input during web page generation, which allows an attacker to inject malicious scripts. Rollover Tab versions up to and including 1.3.2 are affected. The vulnerability can lead to unauthorized access to and manipulation of user data, severely compromising the security of affected WordPress sites.
Affected Version(s)
Rollover Tab <= 1.3.2