Cross-site Scripting Vulnerability in NasaTheme Nasa Core Product
CVE-2025-49067

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Nasa Core
Vendor: CVE Published:; 6 June 2025

What is CVE-2025-49067?

A Stored Cross-site Scripting (XSS) vulnerability exists in the NasaTheme Nasa Core product, which allows attackers to inject malicious scripts into web pages. This can lead to unauthorized access to sensitive user data or manipulation of the site. The issue specifically affects versions of the Nasa Core prior to 6.4.1, highlighting the importance for users to update to the latest version to mitigate potential risks.

Affected Version(s)

Nasa Core < 6.4.1

References

https://patchstack.com/database/wordpress/plugin/nasa-cor...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 6, 2025
Vulnerability Reserved
May 30, 2025

Credit

Phat RiO - BlueRock (Patchstack Alliance)