Reflected XSS Vulnerability in WP2LEADS by Saleswonder Team
CVE-2025-24565

7.1HIGH

Key Information:

Vendor: WordPress
Status: WP2leads
Vendor: CVE Published:; 14 February 2025

What is CVE-2025-24565?

A reflected cross-site scripting (XSS) vulnerability in the WP2LEADS plugin by Saleswonder Team allows attackers to inject malicious scripts into web pages. This flaw can be exploited by sending specially crafted requests that result in the execution of arbitrary JavaScript code in the context of a user's browser session. The issue affects all versions up to and including 3.3.3, posing significant risks to website security and user data integrity.

Affected Version(s)

WP2LEADS <= 3.3.3

References

https://patchstack.com/database/wordpress/plugin/wp2leads...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 14, 2025
Vulnerability Reserved
Jan 23, 2025

Credit

João Pedro S Alcântara (Kinorth) (Patchstack Alliance)