Cross-site Scripting Vulnerability in Smart Notification by Smartiolabs
CVE-2025-39478

7.1HIGH

Key Information:

Vendor: WordPress
Status: Smart Notification
Vendor: CVE Published:; 27 June 2025

What is CVE-2025-39478?

A Cross-site Scripting (XSS) vulnerability has been identified in the Smart Notification plugin developed by Smartiolabs. This weakness allows attackers to inject malicious scripts into web pages that could be executed in the context of an authenticated user. The flaw exists in versions of the Smart Notification plugin ranging from n/a up to and including 10.3, leading to potential security breaches and data exposure. Website administrators are strongly advised to update the plugin to the latest version to mitigate these risks effectively.

Affected Version(s)

Smart Notification <= 10.3

References

https://patchstack.com/database/wordpress/plugin/smio-pus...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 27, 2025
Vulnerability Reserved
Apr 16, 2025

Credit

Bonds (Patchstack Alliance)