Stored Cross-Site Scripting Vulnerability in Daisycon Plugin for WordPress
CVE-2025-4590

6.4MEDIUM

Key Information:

Vendor: WordPress
Status: Daisycon Prijsvergelijkers
Vendor: CVE Published:; 31 May 2025

What is CVE-2025-4590?

The Daisycon prijsvergelijkers plugin for WordPress is susceptible to Stored Cross-Site Scripting vulnerabilities due to inadequate input sanitization and output escaping on user-supplied attributes within the plugin's 'daisycon_uitvaart' shortcode. Authenticated attackers with contributor-level access and greater can exploit this vulnerability to inject arbitrary web scripts that may execute when users visit affected pages. This could compromise user data or lead to phishing attacks on the affected site.

Affected Version(s)

Daisycon prijsvergelijkers * <= 4.8.4

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://wordpress.org/plugins/daisycon/

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 31, 2025
Vulnerability Reserved
May 12, 2025

Credit

Cheng Liu