Cross-site Scripting Vulnerability in wp secure by SiteSecurityMonitor
CVE-2025-32490

7.1HIGH

Key Information:

Vendor: WordPress
Status: WP Secure
Vendor: CVE Published:; 17 April 2025

What is CVE-2025-32490?

The wp secure plugin by SiteSecurityMonitor contains a vulnerability that allows for code injection via improper handling of user input during web page generation. This flaw can lead to Stored Cross-site Scripting (Stored XSS), posing significant risks to users by allowing malicious scripts to be executed in their browsers. Attackers could exploit this vulnerability to steal sensitive user information and perform actions on behalf of users without their consent. It affects versions from n/a through 1.2, necessitating immediate attention and remediation.

Affected Version(s)

wp secure <= 1.2

References

https://patchstack.com/database/wordpress/plugin/wp-secur...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 17, 2025
Vulnerability Reserved
Apr 9, 2025

Credit

johska (Patchstack Alliance)