CVE-2026-2425EPSS p10.9%

CVE-2026-2425CVE-2026-2425

Description

The hiWeb Migration Simple plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'new_domain' parameter in all versions up to, and including, 2.0.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an administrator into performing an action such as clicking on a link.

Scoring

CVSS 6.1 ()
VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS0.21% probability of exploitation · percentile 10.9% · 2026-06-19T12:03:05Z
Last modified2026-06-02

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
CVE-2025-13614
CVE
CVE-2025-7640
CVE
CVE-2025-3455
CVE
CVE-2025-1232
CVE
CVE-2025-52835
CVE
CVE-2026-10024
Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.