Stored Cross-Site Scripting in Euro FxRef Currency Converter Plugin for WordPress
CVE-2025-6257
6.4 MEDIUM
What is CVE-2025-6257?
The Euro FxRef Currency Converter plugin for WordPress is vulnerable to Stored Cross-Site Scripting because it does not adequately sanitize input or escape output for user-supplied attributes of the plugin's currency shortcode. Authenticated attackers with contributor-level access or higher can inject malicious web scripts that are stored with the content and execute on pages visited by users.
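The bug class described above, shown as an added example that is not the plugin's own code: a hypothetical shortcode handler that echoes its attributes unescaped, next to a hardened version that validates each attribute and escapes it for its output context. The shortcode tag `demo_currency`, the function names and the attribute names (`from`, `to`, `amount`) are assumptions, and the code assumes it is loaded as a plugin file inside WordPress.

```php
<?php
// Added illustration; hypothetical handlers, not taken from Euro FxRef.
// Attribute names (from, to, amount) are assumptions.

// Weak pattern: attribute values are concatenated into markup as-is, so
// anything a contributor types into the shortcode is emitted as HTML.
function demo_currency_unsafe( $atts ) {
    $atts = shortcode_atts(
        array( 'from' => 'EUR', 'to' => 'USD', 'amount' => '1' ),
        $atts
    );
    return '<span class="fx" data-from="' . $atts['from'] . '" data-to="'
        . $atts['to'] . '">' . $atts['amount'] . '</span>';
}

// Hardened pattern: validate each attribute against its expected shape,
// then escape for the context it lands in (attribute vs. text node).
function demo_currency_safe( $atts ) {
    $atts = shortcode_atts(
        array( 'from' => 'EUR', 'to' => 'USD', 'amount' => '1' ),
        $atts,
        'demo_currency'
    );

    // Currency codes are three letters; anything else falls back to a default.
    $code = function ( $value, $fallback ) {
        $value = strtoupper( trim( (string) $value ) );
        return preg_match( '/\A[A-Z]{3}\z/', $value ) ? $value : $fallback;
    };
    $from = $code( $atts['from'], 'EUR' );
    $to   = $code( $atts['to'], 'USD' );

    // The amount must be numeric; cast it instead of echoing the raw string.
    $amount = is_numeric( $atts['amount'] ) ? (float) $atts['amount'] : 1.0;

    // Escape on output even after validation, so a later change to the
    // validation rules cannot reintroduce the injection.
    return sprintf(
        '<span class="fx" data-from="%s" data-to="%s">%s</span>',
        esc_attr( $from ),
        esc_attr( $to ),
        esc_html( number_format_i18n( $amount, 2 ) )
    );
}

// Register only the hardened handler.
add_shortcode( 'demo_currency', 'demo_currency_safe' );
```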
Affected Version(s)
Euro FxRef Currency Converter * <= 2.0.2