Cross-site Scripting Vulnerability in Shamalli Web Directory Free by Shamalli
CVE-2025-69018

6.5MEDIUM

Key Information:

Vendor: WordPress
Status: Web Directory Free
Vendor: CVE Published:; 30 December 2025

What is CVE-2025-69018?

The Web Directory Free product by Shamalli is vulnerable to a Cross-site Scripting (XSS) issue that allows attackers to execute malicious scripts in users' browsers. This vulnerability arises from improper sanitization of user inputs during the generation of web pages, leading to DOM-based XSS. Affected versions include all versions up to 1.7.12, exposing users to potential data theft and session hijacking. To mitigate risks, users should update to the latest version and implement robust input validation strategies.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Web Directory Free <= n/a

References

https://patchstack.com/database/Wordpress/Plugin/web-dire...

vdb-entry

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Dec 30, 2025
Vulnerability Reserved
Dec 29, 2025

Credit

Muhammad Yudha - DJ | Patchstack Bug Bounty Program

JSON

WordPress