Cross-site Scripting Vulnerability in Post-to-Post Links Plugin by Scott Reilly
CVE-2025-23878

5.9MEDIUM

Key Information:

Vendor: WordPress
Status: Post-to-post Links
Vendor: CVE Published:; 16 January 2025

Summary

The Post-to-Post Links plugin by Scott Reilly is vulnerable to a Cross-site Scripting (XSS) flaw due to improper neutralization of input during web page generation. This vulnerability allows for the potential injection of malicious scripts, affecting users who interact with the compromised plugin. Versions up to and including 4.2 are impacted, posing a security risk to websites utilizing this plugin. Website administrators should be aware of this vulnerability and take immediate actions to mitigate potential attacks.

Affected Version(s)

Post-to-Post Links <= 4.2

References

https://patchstack.com/database/wordpress/plugin/easy-pos...

vdb-entry

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 16, 2025
Vulnerability Reserved
Jan 16, 2025

Credit

Pham Van Tam (Patchstack Alliance)