Reflected XSS Flaw in WP Mailster by brandtoss
CVE-2025-24688

7.1HIGH

Key Information:

Vendor: WordPress
Status: WP Mailster
Vendor: CVE Published:; 14 February 2025

What is CVE-2025-24688?

A reflected cross-site scripting vulnerability exists in WP Mailster by brandtoss, allowing attackers to inject malicious scripts into web pages. This can lead to unauthorized actions performed on behalf of users, exposing sensitive data and compromising user accounts. Affected versions include WP Mailster from n/a up to 1.8.20.0. It is crucial for users to apply the latest security updates to safeguard against potential exploitation.

Affected Version(s)

WP Mailster <= 1.8.20.0

References

https://patchstack.com/database/wordpress/plugin/wp-mails...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 14, 2025
Vulnerability Reserved
Jan 23, 2025

Credit

0xd4rk5id3 (Patchstack Alliance)