Cross-Site Scripting Vulnerability in BoldGrid Sprout Clients
CVE-2025-66118

Currently unrated

Key Information:

Vendor

WordPress
Status
Sprout Clients
Vendor
CVE Published:
18 December 2025

What is CVE-2025-66118?

The BoldGrid Sprout Clients plugin is susceptible to an improper neutralization of input during web page generation, leading to a reflected Cross-Site Scripting (XSS) vulnerability. This allows an attacker to execute arbitrary scripts in the context of the user's session, potentially compromising user data and session management. The flaw affects all versions up to and including 3.2.1, making it crucial for users and web administrators to address this security risk promptly to protect against potential attacks.

Affected Version(s)

Sprout Clients <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/spro...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Nguyen Xuan Chien | Patchstack Bug Bounty Program
JSON
.
CVE-2025-66118 : Cross-Site Scripting Vulnerability in BoldGrid Sprout Clients