Stored Cross-Site Scripting in WP Content Security Plugin by WordPress
CVE-2025-4579
7.2HIGH
What is CVE-2025-4579?
The WP Content Security Plugin for WordPress suffers from a Stored Cross-Site Scripting vulnerability that allows unauthenticated attackers to inject malicious scripts. This vulnerability arises from inadequate input sanitization and output escaping in the 'blocked-uri' and 'effective-directive' parameters. As a result, when users access compromised pages, harmful scripts can execute, jeopardizing site integrity and user safety.
Affected Version(s)
WP Content Security Plugin * <= 2.3