Reflected XSS Vulnerability in Uncomplicated SEO Plugin by NotFound
CVE-2025-25158

7.1HIGH

Key Information:

Vendor: WordPress
Status: Uncomplicated Seo
Vendor: CVE Published:; 3 March 2025

What is CVE-2025-25158?

The Uncomplicated SEO plugin for WordPress developed by NotFound is susceptible to a Reflected XSS vulnerability due to improper neutralization of user input during web page generation. This flaw allows attackers to inject malicious scripts into web pages viewed by unsuspecting users. The vulnerability impacts versions of Uncomplicated SEO up to and including 1.2, making it critical for site administrators to review and secure their installations against potential exploitation.

Affected Version(s)

Uncomplicated SEO <= 1.2

References

https://patchstack.com/database/wordpress/plugin/uncompli...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 3, 2025
Vulnerability Reserved
Feb 3, 2025

Credit

Abdi Pranata (Patchstack Alliance)