Reflected Cross-Site Scripting Vulnerability in Alphabetic Pagination Plugin by Fahad Mahmood
CVE-2025-26751

7.1HIGH

Key Information:

Vendor: WordPress
Status: Alphabetic Pagination
Vendor: CVE Published:; 25 February 2025

Summary

A reflected Cross-Site Scripting (XSS) vulnerability exists in the Alphabetic Pagination plugin developed by Fahad Mahmood. This vulnerability allows attackers to inject malicious scripts through improper input handling during web page generation. Affected versions of the plugin are vulnerable to this security flaw, which can lead to unauthorized access and exploitation of user data. Users are advised to stay updated with the latest versions and apply necessary security measures to mitigate risks.

Affected Version(s)

Alphabetic Pagination <= 3.2.1

References

https://patchstack.com/database/wordpress/plugin/alphabet...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 25, 2025
Vulnerability Reserved
Feb 14, 2025

Credit

João Pedro S Alcântara (Kinorth) (Patchstack Alliance)