Cross-Site Scripting Vulnerability in WP-Hijri by Mohammad I. Okfie
CVE-2025-32560

7.1HIGH

Key Information:

Vendor: WordPress
Status: WP-hijri
Vendor: CVE Published:; 17 April 2025

What is CVE-2025-32560?

The WP-Hijri plugin developed by Mohammad I. Okfie contains a vulnerability that allows for reflected Cross-Site Scripting (XSS) attacks. This occurs due to improper handling of user input during the web page generation process, enabling malicious actors to inject scripts into web pages viewed by users. Affected versions include all prior to 1.5.3, potentially compromising user data and the integrity of the affected sites. It is crucial for users of the WP-Hijri plugin to review their installations and consider upgrading to a patched version to mitigate the risks associated with this vulnerability.

Affected Version(s)

WP-Hijri <= 1.5.3

References

https://patchstack.com/database/wordpress/plugin/wp-hijri...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 17, 2025
Vulnerability Reserved
Apr 9, 2025

Credit

Le Ngoc Anh (Patchstack Alliance)