CVE-2025-52735

Published Oct 22, 2025

Last updated 2 months ago

CVSS medium 6.5

Overview

Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Reflected XSS.This issue affects NextMove Lite: from n/a through <= 2.21.0.
Source: audit@patchstack.com
NVD status: Modified
Products: nextmove

Risk scores

CVSS 3.1

Type: Secondary
Base score: 6.5
Impact score: 3.7
Exploitability score: 2.3
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Severity: MEDIUM

Weaknesses

audit@patchstack.com: CWE-79

Hype score: Not currently trending

CVE-2025-52735 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows … https://t.co/Nfxwb8MjwW
@CVEnew
18 Nov 2025
124 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:xlplugins:nextmove:*:*:*:*:lite:wordpress:*:*",
            "matchCriteriaId": "52C95FD9-8310-4C5A-9C11-5077509D8938",
            "versionEndIncluding": "2.23.0",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

Related CVEs

References