Cross-Site Scripting Vulnerability in Easy Flash Embed by Vincent Boiardt
CVE-2025-48105

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Easy Flash Embed
Vendor: CVE Published:; 5 September 2025

What is CVE-2025-48105?

A Cross-Site Scripting (XSS) vulnerability exists in the Easy Flash Embed plugin by Vincent Boiardt, allowing attackers to inject malicious scripts. This flaw facilitates stored XSS attacks, posing significant risks to users interacting with affected web pages. Proper validation and sanitization of user inputs are crucial to mitigate this security issue. Ensure your installation of Easy Flash Embed is updated to protect against potential exploits.

Affected Version(s)

Easy Flash Embed <= 1.0

References

https://patchstack.com/database/wordpress/plugin/easy-fla...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 5, 2025
Vulnerability Reserved
May 15, 2025

Credit

Muhammad Yudha - DJ (Patchstack Alliance)