Cross-site Scripting Vulnerability in SMu Manual DoFollow Plugin by Stefan M.
CVE-2025-49031

7.1HIGH

Key Information:

Vendor: WordPress
Status: Smu Manual Dofollow
Vendor: CVE Published:; 16 July 2025

What is CVE-2025-49031?

The SMu Manual DoFollow plugin, developed by Stefan M., is susceptible to a Cross-site Scripting (XSS) vulnerability that occurs due to improper neutralization of user inputs during web page generation. This vulnerability could allow an attacker to execute malicious scripts in the context of the user's session, potentially compromising the security of affected WordPress sites, including versions from n/a up to 1.8.1.

Affected Version(s)

SMu Manual DoFollow <= 1.8.1

References

https://patchstack.com/database/wordpress/plugin/manuall-...

vdb-entry

CVSS V3.1

Score:

7.1

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 16, 2025
Vulnerability Reserved
May 30, 2025

Credit

Nguyen Xuan Chien (Patchstack Alliance)