Cross-Site Scripting Vulnerability in NotFound Mobile by NotFound
CVE-2025-26563

7.1HIGH

Key Information:

Vendor: WordPress
Status: Mobile
Vendor: CVE Published:; 3 March 2025

Summary

NotFound Mobile contains a Cross-Site Scripting (XSS) vulnerability due to improper neutralization of input during web page generation. This flaw allows attackers to execute arbitrary scripts in the context of the user’s browser, potentially leading to data theft or session hijacking. It impacts users across various versions of the application, including the initial release and up to version 1.3.3.

Affected Version(s)

Mobile <= 1.3.3

References

https://patchstack.com/database/wordpress/plugin/rocket-w...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 3, 2025
Vulnerability Reserved
Feb 12, 2025

Credit

João Pedro S Alcântara (Kinorth) (Patchstack Alliance)