Lifecycle Timeline
Description (NVD)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in audiomack Audiomack audiomack allows Stored XSS. This issue affects Audiomack: from n/a through <= 1.4.8.
Analysis (AI)
Stored cross-site scripting (XSS) in the Audiomack WordPress plugin through version 1.4.8 allows authenticated attackers to inject malicious scripts into web pages, enabling session hijacking, credential theft, or defacement. No active exploitation detected (EPSS 0.04%, low percentile), but the vulnerability affects all installations of the vulnerable plugin versions and persists across page loads due to its stored nature.
Technical Context (AI)
This vulnerability represents a CWE-79 (Improper Neutralization of Input During Web Page Generation) flaw in the Audiomack WordPress plugin, a content management and distribution tool. The plugin fails to properly sanitize user-supplied input before storing it in the database and rendering it in the WordPress admin or frontend interfaces. Stored XSS vulnerabilities differ from reflected XSS in that the malicious payload persists in the application database, affecting all users who view the compromised content rather than requiring a targeted delivery mechanism. WordPress plugins operate with direct database access and content rendering privileges, making stored XSS particularly dangerous in the WordPress ecosystem.
Affected Products (AI)
Audiomack WordPress plugin versions 1.4.8 and earlier are affected. The CPE and exact version range boundaries are not independently confirmed beyond the 'through <= 1.4.8' specification in the vulnerability disclosure. The vulnerability was reported through the Patchstack vulnerability database, which aggregates WordPress plugin security issues. More information is available at https://patchstack.com/database/Wordpress/Plugin/audiomack/vulnerability/wordpress-audiomack-plugin-1-4-8-cross-site-scripting-xss-vulnerability?_s_id=cve.
Remediation (AI)
Update the Audiomack WordPress plugin to a version newer than 1.4.8 immediately. Patch information and exact fixed versions should be verified through the official WordPress plugin repository or the vendor's advisory at the Patchstack reference link. In the interim, restrict plugin access to trusted administrators only and audit the WordPress database for any suspicious stored content that may indicate previous exploitation. Review admin activity logs for unauthorized content modifications, and consider using WordPress security plugins with XSS filtering capabilities to neutralize malicious scripts before rendering.
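One way to carry out the database audit recommended above, as an added example that is not part of this page or of the Audiomack plugin: a Python scan of exported post rows for common stored-XSS markers. It assumes rows keyed by the standard wp_posts column names (ID, post_title, post_content); the sample rows are constructed.

```python
import html
import re

# Markers commonly found in stored XSS payloads. Matching happens after entity
# decoding so that stored forms such as &lt;script&gt; are not missed.
INDICATORS = {
    "script_tag": re.compile(r"<\s*script\b", re.I),
    "event_handler": re.compile(r"\bon[a-z]+\s*=", re.I),
    "javascript_uri": re.compile(r"javascript\s*:", re.I),
    "iframe_or_object": re.compile(r"<\s*(iframe|object|embed)\b", re.I),
    "srcdoc_attr": re.compile(r"\bsrcdoc\s*=", re.I),
}


def scan_value(value):
    """Return the sorted indicator names that match one stored field."""
    decoded = html.unescape(html.unescape(value))  # also catches double-encoded text
    return sorted(name for name, pat in INDICATORS.items() if pat.search(decoded))


def audit_rows(rows, columns=("post_title", "post_content")):
    """Scan dict rows (e.g. a wp_posts export) and report fields with indicators."""
    findings = []
    for row in rows:
        for col in columns:
            hits = scan_value(str(row.get(col, "")))
            if hits:
                findings.append({"id": row["ID"], "column": col, "indicators": hits})
    return findings


# Constructed sample rows standing in for a wp_posts export (hypothetical values).
SAMPLE_ROWS = [
    {"ID": 1, "post_title": "New single", "post_content": "<p>Stream it now</p>"},
    {"ID": 2, "post_title": "Mix", "post_content": "<img src=x onerror=alert(1)>"},
    {"ID": 3, "post_title": "&lt;script&gt;fetch('//x')&lt;/script&gt;", "post_content": ""},
]

if __name__ == "__main__":
    for finding in audit_rows(SAMPLE_ROWS):
        print(finding)
```

Matches are leads for manual review, not proof of compromise; legitimate embeds can trigger the iframe rule, so compare hits against known-good content.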