Stored XSS Vulnerability in Map Categories to Pages by Amit Verma
CVE-2025-60146

5.9MEDIUM

Key Information:

Vendor: WordPress
Status: Map Categories To Pages
Vendor: CVE Published:; 26 September 2025

What is CVE-2025-60146?

A stored Cross-site Scripting (XSS) vulnerability exists in the Map Categories to Pages plugin developed by Amit Verma. This flaw allows attackers to inject malicious scripts into web pages, potentially affecting users who visit the compromised pages. Specifically, versions from n/a up to 1.3.2 of the plugin are vulnerable, posing a significant risk to website security. It is crucial for users of affected versions to implement security measures or apply patches to mitigate this threat.

Affected Version(s)

Map Categories to Pages <= 1.3.2

References

https://patchstack.com/database/wordpress/plugin/map-cate...

vdb-entry

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 26, 2025
Vulnerability Reserved
Sep 25, 2025

Credit

Nabil Irawan (Patchstack Alliance)

JSON