Cross-Site Scripting Vulnerability in WordPress Login Form Plugin by Ajay Sharma
CVE-2025-28914

5.9MEDIUM

Key Information:

Vendor: WordPress
Status: WordPress Login Form To Anywhere
Vendor: CVE Published:; 11 March 2025

What is CVE-2025-28914?

A Cross-Site Scripting (XSS) vulnerability has been identified in the WordPress Login Form to Anywhere plugin developed by Ajay Sharma. This vulnerability allows an attacker to inject malicious scripts via input fields, leading to Stored XSS attacks. Users on version 0.2 of the plugin are notably affected, which could potentially compromise sensitive user data. It's critical for users and administrators to update the plugin and implement security measures to protect against the exploitation of this vulnerability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

wordpress login form to anywhere <= 0.2

References

https://patchstack.com/database/wordpress/plugin/wp-show-...

vdb-entry

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 11, 2025
Vulnerability Reserved
Mar 11, 2025

Credit

Nabil Irawan (Patchstack Alliance)

JSON

WordPress