Cross-Site Scripting Vulnerability in AppJetty Show All Comments Plugin
CVE-2025-47607

5.9 MEDIUM

Key Information:

Vendor: WordPress

CVE Published: 7 May 2025

What is CVE-2025-47607?

The AppJetty Show All Comments plugin is susceptible to a Cross-Site Scripting (XSS) vulnerability that allows attackers to inject malicious scripts into web pages. The flaw stems from improper handling of user input, which can lead to stored XSS attacks. On a site running an affected version, malicious content can be stored and later executed in the browser of any user who views the affected page. This poses significant risks, including session hijacking and unauthorized information disclosure.

Affected Version(s)

Show All Comments <= 7.0.1

CVSS V3.1

Score: 5.9
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Nabil Irawan (Patchstack Alliance)