Stored XSS Vulnerability in AWEOS WP Lock by AWEOS GmbH
CVE-2025-47522
5.9 MEDIUM
Summary
A vulnerability in AWEOS WP Lock, a plugin by AWEOS GmbH, allows Stored Cross-site Scripting (XSS) due to improper neutralization of input during web page generation. Attackers may exploit this flaw to inject malicious scripts, potentially compromising user data and site integrity. The vulnerability affects all versions of the plugin up to and including 1.4.8. Website administrators are urged to implement appropriate security measures to rectify and mitigate any associated risks.
Affected Version(s)
AWEOS WP Lock <= 1.4.8
CVSS V3.1
Score: 5.9
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Nabil Irawan (Patchstack Alliance)