Stored Cross-site Scripting Vulnerability in Wumii Related Posts Plugin
CVE-2025-27352

7.1HIGH

Key Information:

Vendor: Wumii Team
Status: 无觅相关文章插件
Vendor: CVE Published:; 24 February 2025

Summary

A vulnerability exists in the Wumii Related Posts Plugin that allows for improper neutrality of input during web page generation, leading to potential stored Cross-site Scripting (XSS) attacks. This issue can allow an attacker to inject malicious scripts that could then be executed in the context of users accessing the compromised site. Website administrators are advised to apply security patches and updates to mitigate the risks associated with this vulnerability.

Affected Version(s)

无觅相关文章插件 <= 1.0.5.7

References

https://patchstack.com/database/wordpress/plugin/wumii-re...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Feb 24, 2025
Vulnerability Reserved
Feb 21, 2025

Credit

Abdi Pranata (Patchstack Alliance)