Cross-site Scripting Vulnerability in NotFound WP Less Compiler Plugin
CVE-2025-25142
7.1HIGH
Summary
The NotFound WP Less Compiler plugin contains a vulnerability that allows for stored Cross-site Scripting (XSS) attacks. This occurs due to improper handling of input during web page generation. An attacker could exploit this vulnerability to inject malicious scripts that would be executed in the context of users visiting affected pages. This flaw poses serious security risks to WordPress sites utilizing this plugin, particularly affecting versions from n/a through 1.3.0.
Affected Version(s)
WP Less Compiler <= 1.3.0
References
CVSS V3.1
Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Abdi Pranata (Patchstack Alliance)