Cross-site Scripting Vulnerability in Content Control Plugin by Code Atlantic
CVE-2025-47501

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Content Control
Vendor: CVE Published:; 7 May 2025

What is CVE-2025-47501?

The Content Control plugin developed by Code Atlantic is vulnerable to a Cross-site Scripting (XSS) attack due to improper neutralization of input during web page generation. This security flaw allows attackers to execute malicious scripts in the context of the user's browser, potentially leading to session hijacking, data theft, or other malicious activities. The vulnerability is present in all versions of the plugin prior to 2.6.1, necessitating immediate attention and remediation.

Affected Version(s)

Content Control <= 2.6.1

References

https://patchstack.com/database/wordpress/plugin/content-...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 7, 2025
Vulnerability Reserved
May 7, 2025

Credit

muhammad yudha (Patchstack Alliance)