Cross-site Scripting Vulnerability in ShiftNav Responsive Mobile Menu by SevenSpark
CVE-2025-49243

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Shiftnav – Responsive Mobile Menu
Vendor: CVE Published:; 6 June 2025

What is CVE-2025-49243?

The ShiftNav – Responsive Mobile Menu by SevenSpark is susceptible to a Cross-site Scripting vulnerability due to improper neutralization of user input during web page generation. This flaw enables attackers to execute arbitrary scripts, allowing for potential data theft or unauthorized actions on behalf of users. It affects versions from n/a through 1.8, underscoring the need for immediate updates and security measures to safeguard user data and maintain website integrity.

Affected Version(s)

ShiftNav – Responsive Mobile Menu <= 1.8

References

https://patchstack.com/database/wordpress/plugin/shiftnav...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 6, 2025
Vulnerability Reserved
Jun 4, 2025

Credit

muhammad yudha (Patchstack Alliance)