Stored XSS Vulnerability in Structured Content by Codemacher
CVE-2025-30918

6.5MEDIUM

Key Information:

Vendor

WordPress

Vendor
CVE Published:
27 March 2025

What is CVE-2025-30918?

A Cross-site Scripting (XSS) vulnerability has been identified in Codemacher's Structured Content plugin, allowing attackers to store malicious scripts that can be executed in the context of the user's browser. This vulnerability affects versions up to 1.6.3, enabling unauthorized access to sensitive information and compromising website integrity.

Affected Version(s)

Structured Content 0 <= 1.6.3

References

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Peter Thaleikis (Patchstack Alliance)
.