Cross-site Scripting Vulnerability in Waymark by Joe Waymark
CVE-2025-26770

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Waymark
Vendor: CVE Published:; 17 February 2025

What is CVE-2025-26770?

A stored cross-site scripting (XSS) vulnerability exists in Waymark by Joe Waymark, enabling attackers to inject malicious scripts into web pages. This vulnerability affects versions from n/a through 1.5.0, allowing harmful scripts to be executed in the context of users' browsers, potentially leading to data theft or unauthorized actions. It is crucial for users of Waymark to remain vigilant and apply the necessary patches to safeguard against these security risks.

Affected Version(s)

Waymark <= 1.5.0

References

https://patchstack.com/database/wordpress/plugin/waymark/...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 17, 2025
Vulnerability Reserved
Feb 14, 2025

Credit

muhammad yudha (Patchstack Alliance)