- Description
- The wpForo + wpForo Advanced Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via media upload names in all versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Custom-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
- Source
- security@wordfence.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 7.2
- Impact score
- 2.7
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
- Severity
- HIGH
- security@wordfence.com
- CWE-79
- Hype score
- Not currently trending
CVE-2025-4224 (CVSS:7.2, HIGH) is Awaiting Analysis. The wpForo + wpForo Advanced Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via media upl..https://t.co/9eq45pYTuY #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
8 Jun 2025
37 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-4224 The wpForo + wpForo Advanced Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via media upload names in all versions up to, and including, … https://t.co/QNYcsnJrr7
@CVEnew
3 Jun 2025
511 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-4224 Stored XSS in wpForo WordPress Plugin via Authenticated Media Upload Names https://t.co/T6iZ2idZKX
@VulmonFeeds
3 Jun 2025
106 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes