Cross-site Scripting Vulnerability in Parakoos Image Wall Plugin by WordPress
CVE-2025-48156

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Image Wall
Vendor: CVE Published:; 16 July 2025

What is CVE-2025-48156?

A Cross-site Scripting (XSS) vulnerability has been identified in the Parakoos Image Wall plugin, allowing attackers to inject malicious scripts into web pages viewed by users. This issue affects all versions up to 3.1, which may lead to unauthorized access to sensitive user data and manipulation of site content. Website owners using the Image Wall plugin should take immediate action to mitigate the risks associated with this vulnerability.

Affected Version(s)

Image Wall <= 3.1

References

https://patchstack.com/database/wordpress/plugin/image-wa...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 16, 2025
Vulnerability Reserved
May 15, 2025

Credit

Peter Thaleikis (Patchstack Alliance)