Cross-Site Scripting Vulnerability in Directory Pro by e-plugins
CVE-2025-52748
7.1HIGH
What is CVE-2025-52748?
The Directory Pro plugin by e-plugins is susceptible to a Cross-Site Scripting (XSS) vulnerability due to improper input neutralization during web page generation. This flaw allows attackers to exploit the plugin, enabling them to inject malicious scripts that can execute in the context of a user's session. Affected versions include all versions up to and including 2.5.5. It is imperative for users to implement security measures and update to the latest version to mitigate potential risks.
Affected Version(s)
Directory Pro <= n/a
References
CVSS V3.1
Score:
7.1
Severity:
HIGH
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved
Credit
João Pedro S Alcântara (Kinorth) (Patchstack Alliance)