Cross-site Scripting Vulnerability in ANAC XML Bandi di Gara Plugin by Marco Milesi
CVE-2025-64260

Currently unrated

Key Information:

Vendor

WordPress

CVE Published:
18 December 2025

What is CVE-2025-64260?

The ANAC XML Bandi di Gara plugin by Marco Milesi contains a reflected Cross-site Scripting (XSS) vulnerability caused by improper neutralization of user input during web page generation. Attackers can exploit this issue to inject malicious scripts into web pages viewed by unsuspecting users, potentially compromising sensitive data and website integrity. Versions 7.7 and below are affected, so users should remediate promptly and update to a secure version.

Affected Version(s)

ANAC XML Bandi di Gara <= n/a

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Skalucy | Patchstack Bug Bounty Program