Cross-site Scripting Vulnerability in SWIT WP Sessions Time Monitoring Full Automatic
CVE-2025-24718
7.1HIGH
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 31 January 2025
What is CVE-2025-24718?
A Cross-site Scripting (XSS) vulnerability exists in the SWIT WP Sessions Time Monitoring Full Automatic plugin, allowing attackers to inject malicious scripts into web pages. This vulnerability affects all versions up to 1.1.1. Attackers can exploit this flaw to execute arbitrary JavaScript in the user's browser, possibly leading to session hijacking and other malicious activities on affected sites. Website administrators are strongly advised to upgrade to the latest version to mitigate these risks.
Affected Version(s)
WP Sessions Time Monitoring Full Automatic <= 1.1.1