Cross-Site Scripting Vulnerability in Dynamic User Directory by Sarah Giles
CVE-2025-62982

5.4MEDIUM

Key Information:

Vendor: WordPress
Status: Dynamic User Directory
Vendor: CVE Published:; 27 October 2025

What is CVE-2025-62982?

The Dynamic User Directory plugin by Sarah Giles has a serious Cross-Site Scripting (XSS) vulnerability that allows attackers to execute malicious scripts through improperly sanitized input during web page generation. This flaw affects versions prior to and including 2.3, enabling stored XSS attacks that can compromise user data and website integrity. It is crucial for users of this plugin to update to the latest version and ensure proper web security measures are in place.

Affected Version(s)

Dynamic User Directory <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/dyna...

vdb-entry

CVSS V3.1

Score:

5.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 27, 2025
Vulnerability Reserved
Oct 24, 2025

Credit

Jin Yub | Patchstack Bug Bounty Program

JSON