Reflected XSS Vulnerability in Verge3D by Soft8Soft LLC
CVE-2025-48241

7.1 HIGH

Key Information:

Vendor: WordPress

Status
Vendor
CVE Published: 23 May 2025

What is CVE-2025-48241?

The Verge3D product by Soft8Soft LLC is susceptible to a reflected Cross-site Scripting (XSS) vulnerability. The issue arises from improper handling of user input during web page generation, which allows attackers to craft malicious links. When a user clicks such a link, the injected script executes in their browser, potentially compromising session cookies, personal data, and other sensitive information. The vulnerability affects Verge3D versions up to and including 4.9.3 (no lower bound is given).

Affected Version(s)

Verge3D <= 4.9.3

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Hiro (Code016Hiro) (Patchstack Alliance)