Stored Cross-site Scripting Vulnerability in Optimate Ads Plugin by Shujahat21
CVE-2025-25136

6.5MEDIUM

Key Information:

Vendor: Shujahat21
Status: Optimate Ads
Vendor: CVE Published:; 7 February 2025

Summary

The Optimate Ads plugin developed by Shujahat21 contains a Stored Cross-site Scripting (XSS) vulnerability that arises from improper neutralization of user input during web page generation. This flaw allows attackers to inject malicious scripts into the web application, potentially compromising user data and site integrity. Affected versions include from n/a to 1.0.3, making it essential for users to update to secure their applications against potential exploitation.

Affected Version(s)

Optimate Ads <= 1.0.3

References

https://patchstack.com/database/wordpress/plugin/optimate...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 7, 2025
Vulnerability Reserved
Feb 3, 2025

Credit

Abdi Pranata (Patchstack Alliance)