Stored Cross-Site Scripting Vulnerability in Muse.ai Video Embedding Plugin for WordPress
CVE-2025-6262

6.4MEDIUM

Key Information:

Vendor: WordPress
Status: Muse.ai Video Embedding
Vendor: CVE Published:; 24 July 2025

What is CVE-2025-6262?

The Muse.ai video embedding plugin for WordPress is susceptible to stored cross-site scripting due to a lack of proper input sanitization and output escaping in the 'muse-ai' shortcode. This vulnerability affects all plugin versions up to and including 0.4. Authenticated attackers with contributor-level access or higher can exploit this flaw to inject malicious web scripts into pages. Such scripts will execute when users access the manipulated content, potentially leading to unauthorized actions on behalf of the user or exposure of sensitive information.

Affected Version(s)

muse.ai video embedding * <= 0.4

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...

https://wordpress.org/plugins/muse-ai/#developers

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 24, 2025
Vulnerability Reserved
Jun 18, 2025

Credit

Gilang Asra Bilhadi