Cross-Site Scripting Vulnerability in Section Widget by WordPress
CVE-2025-46537

7.1HIGH

Key Information:

Vendor: WordPress
Status: Section Widget
Vendor: CVE Published:; 23 May 2025

What is CVE-2025-46537?

The Section Widget plugin for WordPress contains a vulnerability that allows an attacker to execute arbitrary JavaScript code in the browser of users viewing infected web pages. This type of vulnerability, known as Reflected Cross-Site Scripting (XSS), occurs when user input is improperly sanitized during page generation. Versions of the Section Widget plugin from n/a to 3.3.1 are susceptible to this issue, potentially leading to unauthorized actions being performed on behalf of users.

Affected Version(s)

Section Widget <= 3.3.1

References

https://patchstack.com/database/wordpress/plugin/section-...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 23, 2025
Vulnerability Reserved
Apr 24, 2025

Credit

Nabil Irawan (Patchstack Alliance)