Cross-site Scripting Vulnerability in My Resume Builder by abditsori
CVE-2025-53336

6.5MEDIUM

Key Information:

Vendor

WordPress
Status
My Resume Builder
Vendor
CVE Published:
27 June 2025

What is CVE-2025-53336?

The My Resume Builder application by abditsori includes a vulnerability that enables Stored Cross-site Scripting (XSS) attacks. This occurs when user input is not properly sanitized during web page generation, allowing malicious scripts to be stored and executed within the application. This flaw affects versions from n/a up to 1.0.3, posing significant security risks to users by potentially enabling an attacker to manipulate user sessions, steal sensitive information, or inject harmful content.

Affected Version(s)

My Resume Builder <= 1.0.3

References

https://patchstack.com/database/wordpress/plugin/my-resum...
vdb-entry

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Nguyen Ngoc Quang Bach (maysbachs) (Patchstack Alliance)
.
CVE-2025-53336 : Cross-site Scripting Vulnerability in My Resume Builder by abditsori