Stored XSS Vulnerability in WPeka WP AdCenter Affects WordPress Plugin
CVE-2025-62984

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: WP Adcenter
Vendor: CVE Published:; 27 October 2025

What is CVE-2025-62984?

A vulnerability exists in the WPeka WP AdCenter plugin due to improper neutralization of user input during web page generation. This could allow an attacker to execute arbitrary script code in the context of a user's session, leading to potential exposure of sensitive information or unauthorized actions. This issue impacts all versions of the WP AdCenter plugin up to and including 2.6.1, necessitating prompt action to mitigate associated security risks.

Affected Version(s)

WP AdCenter <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/wpad...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 27, 2025
Vulnerability Reserved
Oct 24, 2025

Credit

Peter Thaleikis | Patchstack Bug Bounty Program

JSON