Reflected Cross-site Scripting Vulnerability in Photo Express for Google
CVE-2025-27361

7.1HIGH

Key Information:

Vendor: WordPress
Status: Photo Express For Google
Vendor: CVE Published:; 27 June 2025

What is CVE-2025-27361?

A reflected cross-site scripting (XSS) vulnerability has been identified in the Photo Express for Google plugin. This security flaw allows attackers to inject malicious scripts via user input, which are reflected back to users through web page generation. As a result, this may compromise user security and data privacy. This issue affects versions up to and including 0.3.2, emphasizing the need for users to implement security updates and adhere to best practices.

Affected Version(s)

Photo Express for Google <= 0.3.2

References

https://patchstack.com/database/wordpress/plugin/photo-ex...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 27, 2025
Vulnerability Reserved
Feb 21, 2025

Credit

João Pedro S Alcântara (Kinorth) (Patchstack Alliance)