Cross-site Scripting Vulnerability in Atakan Au's Automatically Hierarchic Categories Plugin
CVE-2025-50048

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Automatically Hierarchic Categories In Menu
Vendor: CVE Published:; 20 June 2025

What is CVE-2025-50048?

An improper neutralization of input during web page generation has been identified in the Automatically Hierarchic Categories in Menu plugin by Atakan Au. This vulnerability allows for stored cross-site scripting (XSS) attacks, which could potentially enable an attacker to manipulate user sessions or inject harmful scripts into the web application's output. The affected versions range from n/a to 2.0.9, highlighting the importance of immediate patching and diligent security practices for users of this plugin.

Affected Version(s)

Automatically Hierarchic Categories in Menu <= 2.0.9

References

https://patchstack.com/database/wordpress/plugin/automati...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 20, 2025
Vulnerability Reserved
Jun 11, 2025

Credit

muhammad yudha (Patchstack Alliance)