Reflected Cross-Site Scripting Vulnerability in WP Talroo Plugin for WordPress
CVE-2025-8281
Key Information:
Badges
What is CVE-2025-8281?
The WP Talroo WordPress plugin prior to version 2.4 has a critical security flaw that fails to properly sanitize and escape user input before displaying it on web pages. This vulnerability allows attackers to craft malicious links that, when accessed by high-privilege users, such as administrators or unauthenticated end-users, can result in Reflective Cross-Site Scripting attacks. Successful exploitation may lead to unauthorized actions or exposure of sensitive data, making it essential for all users to update to the latest version to mitigate this risk.
Affected Version(s)
WP Talroo 0 <= 2.4
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.