Cross-site Scripting Vulnerability in NotFound Social Links Plugin
CVE-2025-25137

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Social Links
Vendor: CVE Published:; 3 March 2025

Summary

A vulnerability in the NotFound Social Links plugin allows for stored Cross-site Scripting (XSS) when input is improperly neutralized during web page generation. This flaw could enable attackers to inject malicious scripts, potentially compromising user data and site integrity.

Affected Version(s)

Social Links <= 1.0.11

References

https://patchstack.com/database/wordpress/plugin/social-l...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 3, 2025
Vulnerability Reserved
Feb 3, 2025

Credit

Abdi Pranata (Patchstack Alliance)