Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2025-1232

Severity
8.8 HIGH
EPSS
53.1% (top 2.03%)
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
Published: Mar 19

Description

The Site Reviews WordPress plugin before 7.2.5 does not properly sanitise and escape some of its Review fields, which could allow unauthenticated users to perform Stored XSS attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9

Affected Packages (2 packages)

Source: CVEList V5 | Package: unknown/site_reviews | Affected versions: < 7.2.5

Vulnerability Details (2)

CVEList: Site Reviews < 7.2.5 - Unauthenticated Stored XSS (2025-03-19)
GHSA: GHSA-6qw8-39x3-j5rj: The Site Reviews WordPress plugin before 7 (2025-03-19)

Exploits & PoCs (1)

Nuclei: Site Reviews < 7.2.5 - Unauthenticated Stored XSS

Vendor Advisories (1)

Microsoft: An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020. (2023-03-14)
CVE-2025-1232 (HIGH CVSS 8.8) | The Site Reviews WordPress plugin b | cvebase.io