Stored Cross-Site Scripting Vulnerability in Amministrazione Trasparente Plugin for WordPress
CVE-2025-5083

5.5MEDIUM

Key Information:

Vendor: WordPress
Status: Amministrazione Trasparente
Vendor: CVE Published:; 31 August 2025

What is CVE-2025-5083?

The Amministrazione Trasparente plugin for WordPress is susceptible to a Stored Cross-Site Scripting vulnerability due to inadequate input sanitization and output escaping in the admin settings. This issue affects all versions up to and including 9.0. Authenticated attackers with administrator-level permissions can exploit this vulnerability to inject and execute arbitrary web scripts on pages when accessed by users. Notably, the risk is heightened in multi-site deployments and configurations where unfiltered_html has been disabled.

Affected Version(s)

Amministrazione Trasparente * <= 9.0

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://github.com/WPGov/amministrazione-trasparente/blob...

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 31, 2025
Vulnerability Reserved
May 22, 2025

Credit

Antonio Francesco Sardella