Cross-Site Scripting Vulnerability in NotFound JetSearch Plugin
CVE-2025-31043

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Jetsearch
Vendor: CVE Published:; 31 March 2025

What is CVE-2025-31043?

The NotFound JetSearch plugin contains a vulnerability that allows improper neutralization of user input, potentially leading to DOM-based Cross-Site Scripting (XSS) attacks. This issue can be exploited when unsafe user input is used in web pages generated by the plugin, enabling attackers to execute arbitrary scripts in the context of the user's browser. Affected versions include those from n/a up to 3.5.7, exposing sites to security risks that can compromise user data and application integrity.

Affected Version(s)

JetSearch 0 <= 3.5.7

References

https://patchstack.com/database/Wordpress/Plugin/jet-sear...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 31, 2025
Vulnerability Reserved
Mar 26, 2025

Credit

stealthcopter (Patchstack Alliance)

CVE-2025-31043 Data

JSON