Stored XSS Vulnerability in Plethora Plugins Tabs + Accordions
CVE-2025-24709

6.5MEDIUM

Key Information:

Vendor

WordPress
Status
Plethora Plugins Tabs + Accordions
Vendor
CVE Published:
24 January 2025

What is CVE-2025-24709?

A stored cross-site scripting (XSS) vulnerability exists in Plethora Plugins Tabs + Accordions, allowing unauthorized users to inject malicious scripts into the application. This flaw can be exploited when dynamic web content generated by the plugin improperly handles user input, potentially compromising user interaction and data privacy. Users of affected versions (up to 1.1.5) should take immediate action to mitigate risks associated with this vulnerability.

Affected Version(s)

Plethora Plugins Tabs + Accordions <= 1.1.5

References

https://patchstack.com/database/wordpress/plugin/plethora...
vdb-entry

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Peter Thaleikis (Patchstack Alliance)
.
The Cyber Security Vulnerability Database.