Cross-site Scripting Vulnerability in WP Image Mask by Bogdan Bendziukov
CVE-2025-48235
6.5MEDIUM
What is CVE-2025-48235?
A Cross-site Scripting (XSS) vulnerability exists in the WP Image Mask plugin developed by Bogdan Bendziukov. This flaw allows an attacker to inject malicious scripts into web pages, which can then be executed in the context of users visiting the compromised site. The issue particularly affects versions n/a through 3.1.2 of WP Image Mask, making it essential for website administrators to update their installations promptly to mitigate potential security risks.
Affected Version(s)
WP Image Mask <= 3.1.2