Reflected XSS Vulnerability in Bowo Variable Inspector Plugin
CVE-2025-26914

7.1HIGH

Key Information:

Vendor: WordPress
Status: Variable Inspector
Vendor: CVE Published:; 3 March 2025

What is CVE-2025-26914?

The Bowo Variable Inspector plugin for WordPress has a vulnerability that allows for reflected Cross-site Scripting (XSS) attacks. This occurs due to improper handling of user input during web page generation. Attackers can exploit this flaw to inject malicious scripts, which can then be executed in the browser of any user interacting with the compromised plugin. This vulnerability impacts all versions from n/a up to and including 2.6.2, highlighting the importance of keeping your WordPress plugins up-to-date to mitigate security risks.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Variable Inspector <= 2.6.2

References

https://patchstack.com/database/wordpress/plugin/variable...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 3, 2025
Vulnerability Reserved
Feb 17, 2025

Credit

Trương Hữu Phúc (truonghuuphuc) (Patchstack Alliance)

JSON

WordPress