Cross-Site Scripting Vulnerability in Roxnor Wp Ultimate Review Plugin
CVE-2025-63057

8.2HIGH

Key Information:

Vendor: WordPress
Status: WP Ultimate Review
Vendor: CVE Published:; 9 December 2025

What is CVE-2025-63057?

The Roxnor Wp Ultimate Review plugin is vulnerable to Cross-site Scripting (XSS) due to improper neutralization of user input during web page generation. This vulnerability allows attackers to inject malicious scripts into the DOM, which can potentially lead to data theft or session hijacking when unsuspecting users interact with affected pages. Users of versions up to 2.3.6 are at risk and should promptly update their plugins to mitigate this threat.

Affected Version(s)

Wp Ultimate Review <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/wp-u...

vdb-entry

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

Low

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 9, 2025
Vulnerability Reserved
Oct 24, 2025

Credit

zaim | Patchstack Bug Bounty Program

JSON