Cross-site Scripting Vulnerability in Video Blogster Lite by WordPress
CVE-2025-47689

7.1HIGH

Key Information:

Vendor: WordPress
Status: Video Blogster Lite
Vendor: CVE Published:; 14 August 2025

What is CVE-2025-47689?

The Video Blogster Lite plugin for WordPress is susceptible to a reflected Cross-site Scripting (XSS) vulnerability due to improper input-neutralization during web page generation. This can potentially allow attackers to inject malicious scripts into web pages viewed by users, leading to unauthorized access and data theft. The affected versions range from none specified up to 1.2, highlighting the urgency for users to update their versions to mitigate risks. Adopting security best practices and regularly updating plugins can help prevent exploitation of this vulnerability.

Affected Version(s)

Video Blogster Lite <= 1.2

References

https://patchstack.com/database/wordpress/plugin/video-bl...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 14, 2025
Vulnerability Reserved
May 7, 2025

Credit

Nguyen Xuan Chien (Patchstack Alliance)

JSON