Reflected Cross-Site Scripting in NotFound WordPress File Search Plugin
CVE-2025-23867
7.1HIGH
Summary
A vulnerability exists in the NotFound WordPress File Search plugin that allows attackers to execute reflected cross-site scripting (XSS) attacks. This issue arises from improper input handling during web page generation, enabling malicious users to inject and execute arbitrary scripts in the context of users' browsers. Affected versions range from n/a to 1.2, making it essential for website administrators to ensure their plugins are updated and secure to protect against potential exploits. Regularly auditing and patching vulnerabilities is critical in maintaining web security.
Affected Version(s)
WordPress File Search <= 1.2
References
CVSS V3.1
Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Le Ngoc Anh (Patchstack Alliance)