Cross-site Scripting Vulnerability in Quotes Llama by oooorgle
CVE-2025-27307

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Quotes Llama
Vendor: CVE Published:; 24 February 2025

What is CVE-2025-27307?

A reflected XSS vulnerability exists in the Quotes Llama product from oooorgle, affecting versions up to 3.0.1. This flaw allows malicious actors to inject harmful scripts into web pages viewed by unsuspecting users, posing a risk of data theft, session hijacking, or other malicious activities. It is crucial for users of affected versions to implement security measures to prevent exploitation.

Affected Version(s)

Quotes llama <= 3.0.1

References

https://patchstack.com/database/wordpress/plugin/quotes-l...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 24, 2025
Vulnerability Reserved
Feb 21, 2025

Credit

Peter Thaleikis (Patchstack Alliance)