Cross-site Scripting Vulnerability in Print My Blog by Michael Nelson
CVE-2025-54740

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Print My Blog
Vendor: CVE Published:; 14 August 2025

What is CVE-2025-54740?

A Cross-site Scripting (XSS) vulnerability exists in the Print My Blog plugin developed by Michael Nelson. This security flaw allows for the injection of malicious scripts that could be executed when a user accesses a compromised page. The issue primarily affects versions up to 3.27.9, enabling attackers to exploit the plugin and potentially manipulate user data or gain unauthorized access to sensitive information. Website administrators utilizing this plugin should be vigilant and evaluate their security measures to mitigate risks associated with this vulnerability.

Affected Version(s)

Print My Blog <= 3.27.9

References

https://patchstack.com/database/wordpress/plugin/print-my...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 14, 2025
Vulnerability Reserved
Jul 28, 2025

Credit

zaim (Patchstack Alliance)