Cross-Site Scripting Vulnerability in IP Based Login by Brijeshk89
CVE-2025-50016

5.9MEDIUM

Key Information:

Vendor: WordPress
Status: Ip Based Login
Vendor: CVE Published:; 20 June 2025

What is CVE-2025-50016?

A Cross-Site Scripting (XSS) vulnerability has been identified in the IP Based Login plugin by Brijeshk89. This flaw allows attackers to inject malicious scripts into web pages that generate user content. Affected versions, specifically from n/a through 2.4.2, may allow for stored XSS, potentially compromising user data and leading to unauthorized actions. It is crucial for users and administrators to evaluate their usage of this plugin and take necessary security measures.

Affected Version(s)

IP Based Login <= 2.4.2

References

https://patchstack.com/database/wordpress/plugin/ip-based...

vdb-entry

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jun 20, 2025
Vulnerability Reserved
Jun 11, 2025

Credit

Nguyen Ngoc Quang Bach (maysbachs) (Patchstack Alliance)

JSON