CVE-2025-24730

CWE-79 — Cross-site Scripting (XSS)3 documents3 sources

Severity

—N/A

No vector

EPSS

0.1%

top 65.66%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Rextheme WP VR

Timeline

PublishedJan 24

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RexTheme WP VR wpvr allows DOM-Based XSS.This issue affects WP VR: from n/a through <= 8.5.14.

Affected Packages1 packages

▶CVEListV5rextheme/wp_vr8.5.14

🔴Vulnerability Details

GHSA

GHSA-36g3-jf2j-m2rj: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rextheme WP VR allows DOM-Based XSS↗2025-01-24

▶

CVEList

WordPress WP VR plugin <= 8.5.14 - Cross Site Scripting (XSS) vulnerability↗2025-01-24

▶