Stored Cross-Site Scripting in Mang Board Plugin for WordPress
CVE-2025-3435

4.4MEDIUM

Key Information:

Vendor: WordPress
Status: Mang Board WP
Vendor: CVE Published:; 24 April 2025

What is CVE-2025-3435?

The Mang Board WP plugin for WordPress is susceptible to Stored Cross-Site Scripting vulnerabilities. This issue arises from inadequate input sanitization and output escaping within the board_header and board_footer parameters, allowing authenticated attackers with administrator-level access to inject malicious scripts. This can compromise user experience and security, as malicious content will execute whenever a user accesses a compromised page. Notably, this vulnerability primarily affects multi-site installations and those where the unfiltered_html option has been disabled.

Affected Version(s)

Mang Board WP * <= 1.8.6

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://plugins.trac.wordpress.org/changeset/3272163/mang...

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 24, 2025
Vulnerability Reserved
Apr 7, 2025

Credit

Quang Huynh Ngoc