CVE-2025-1232 · HIGH 8.8 · EPSS p75.4%

Description

The Site Reviews WordPress plugin before 7.2.5 does not properly sanitise and escape some of its Review fields, which could allow unauthenticated users to perform Stored XSS attacks.

Scoring

CVSS 3.1: 8.8 (HIGH)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 1.78% probability of exploitation · percentile 75.4% · 2026-06-19T12:03:05Z
Published: 2025-03-19
Last modified: 2025-05-09

Underlying weaknesses · 1

CWE-79

References

  1. https://wpscan.com/vulnerability/c4ea8357-ddd7-48ac-80c9-15b924715b14/

Type | Target | Confidence | Tier
Weakness | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (cwe-79) | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2026-3326
CVE-2025-14124
CVE-2025-15386
CVE-2025-9697
CVE-2025-4578
CVE-2025-1707

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.