Cross-Site Scripting Vulnerability in Ohio Extra Plugin by Colabrio
CVE-2025-64365

Currently unrated

Key Information:

Vendor

WordPress
Status
Ohio Extra
Vendor
CVE Published:
31 October 2025

What is CVE-2025-64365?

The Ohio Extra plugin by Colabrio is vulnerable to a Cross-Site Scripting (XSS) issue due to improper neutralization of user input during web page generation. This vulnerability allows attackers to inject malicious scripts that can execute in the context of the user's browser, potentially leading to data theft or unauthorized actions on behalf of the users. All versions of the Ohio Extra plugin up to and including 3.6.0 are affected, making it imperative for users to update to the latest version and implement necessary security measures.

Affected Version(s)

Ohio Extra <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/ohio...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

João Pedro S Alcântara (Kinorth) | Patchstack Bug Bounty Program
JSON
.
CVE-2025-64365 : Cross-Site Scripting Vulnerability in Ohio Extra Plugin by Colabrio