Cross-site Scripting Vulnerability in Mibuthu Link View Plugin for WordPress
CVE-2025-49039

5.9MEDIUM

Key Information:

Vendor

WordPress
Status
Link View
Vendor
CVE Published:
27 August 2025

What is CVE-2025-49039?

The Mibuthu Link View Plugin for WordPress contains a vulnerability that allows for stored Cross-site Scripting (XSS) due to improper handling of input during web page generation. This security concern affects all versions from n/a to 0.8.0, potentially enabling attackers to inject malicious scripts into web pages viewed by users, leading to unauthorized access and data manipulation.

Affected Version(s)

Link View <= 0.8.0

References

https://patchstack.com/database/wordpress/plugin/link-vie...
vdb-entry

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Nabil Irawan (Patchstack Bug Bounty program)
.
CVE-2025-49039 : Cross-site Scripting Vulnerability in Mibuthu Link View Plugin for WordPress