Stored XSS Vulnerability in Plethora Plugins Tabs + Accordions
CVE-2025-24709
6.5MEDIUM
Key Information:
- Vendor
- Plethora Plugins
- Status
- Plethora Plugins Tabs + Accordions
- Vendor
- CVE Published:
- 24 January 2025
Summary
A stored cross-site scripting (XSS) vulnerability exists in Plethora Plugins Tabs + Accordions, allowing unauthorized users to inject malicious scripts into the application. This flaw can be exploited when dynamic web content generated by the plugin improperly handles user input, potentially compromising user interaction and data privacy. Users of affected versions (up to 1.1.5) should take immediate action to mitigate risks associated with this vulnerability.
Affected Version(s)
Plethora Plugins Tabs + Accordions <= 1.1.5
References
CVSS V3.1
Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Peter Thaleikis (Patchstack Alliance)