Stored Cross-Site Scripting Vulnerability in Ocean Social Sharing Plugin for WordPress
CVE-2025-7500

6.4MEDIUM

Key Information:

Vendor

WordPress
Status
Ocean Social Sharing
Vendor
CVE Published:
2 August 2025

What is CVE-2025-7500?

The Ocean Social Sharing plugin for WordPress suffers from a Stored Cross-Site Scripting (XSS) vulnerability due to inadequate input sanitization and output escaping in its social icon titles. This flaw enables authenticated users with Contributor-level access or higher to inject malicious web scripts into pages. The injected scripts are executed whenever a user visits an affected page, potentially compromising user data and site integrity. Users of affected versions should implement patches or update to secure versions to mitigate this risk.

Affected Version(s)

Ocean Social Sharing * <= 2.2.1

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://plugins.trac.wordpress.org/browser/ocean-social-s...
https://plugins.trac.wordpress.org/browser/ocean-social-s...

CVSS V3.1

Score:
6.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

muhammad yudha
.
CVE-2025-7500 : Stored Cross-Site Scripting Vulnerability in Ocean Social Sharing Plugin for WordPress