Cross-site Scripting Vulnerability in RexTheme WP VR Plugin
CVE-2025-62885

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: WP Vr
Vendor: CVE Published:; 27 October 2025

What is CVE-2025-62885?

The RexTheme WP VR plugin is susceptible to a DOM-Based Cross-site Scripting (XSS) vulnerability, which allows attackers to inject malicious scripts into web pages viewed by users. This issue can potentially compromise the integrity of user interactions with the website, leading to unauthorized actions or data exposure. It is essential for users of the WP VR plugin, especially those using versions up to 8.5.42, to implement security measures to mitigate this risk.

Affected Version(s)

WP VR <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/wpvr...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 27, 2025
Vulnerability Reserved
Oct 24, 2025

Credit

Peter Thaleikis | Patchstack Bug Bounty Program

JSON