Skip to main content

Google CVE-2025-50053

HIGH
Cross-site Scripting (XSS) (CWE-79)
2025-12-31 audit@patchstack.com
7.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.1 HIGH
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
Low

Lifecycle Timeline

4
Re-analysis Queued
Apr 23, 2026 - 15:43 vuln.today
cvss_changed
CVSS changed
Apr 23, 2026 - 15:43 NVD
7.1 (HIGH)
Analysis Generated
Apr 01, 2026 - 17:44 vuln.today
CVE Published
Dec 31, 2025 - 20:15 nvd
N/A

DescriptionCVE.org

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nebelhorn Blappsta Mobile App Plugin &#8211; Your native, mobile iPhone App and Android App yournewsapp allows Reflected XSS.This issue affects Blappsta Mobile App Plugin &#8211; Your native, mobile iPhone App and Android App: from n/a through <= 0.8.8.8.

AnalysisAI

Reflected Cross-site Scripting (XSS) in nebelhorn Blappsta Mobile App Plugin for WordPress affects versions through 0.8.8.8, allowing unauthenticated remote attackers to inject malicious scripts into web pages viewed by users. The vulnerability stems from improper input neutralization during page generation. With an EPSS score of 0.04% (14th percentile), exploitation likelihood is low, and no public exploit code or active exploitation has been identified at time of analysis.

Technical ContextAI

This vulnerability represents a classic Reflected XSS flaw (CWE-79) in a WordPress plugin designed to generate native mobile app wrappers for iOS and Android applications. The plugin fails to properly sanitize or encode user-supplied input before rendering it into dynamically generated web pages. Reflected XSS occurs when untrusted data is echoed back to the user's browser without encoding, allowing attackers to craft malicious URLs containing JavaScript payloads that execute in the victim's session context. WordPress plugins are particularly sensitive to XSS given their role in content rendering and user interaction management.

Affected ProductsAI

The nebelhorn Blappsta Mobile App Plugin (also referenced as yournewsapp plugin) for WordPress is affected in versions from the initial release through version 0.8.8.8 inclusive. The plugin is distributed via the WordPress.org plugin repository as documented by the Patchstack vulnerability database.

RemediationAI

Update the Blappsta Mobile App Plugin to a version newer than 0.8.8.8. Users should navigate to their WordPress dashboard, go to Plugins > Installed Plugins, locate the yournewsapp (Blappsta Mobile App Plugin) entry, and click 'Update' if available, or disable and remove the plugin if updates are not available. Verify that the updated version properly sanitizes all user input using WordPress functions such as sanitize_text_field(), wp_kses_post(), or esc_attr() depending on context. Reference the Patchstack vulnerability database entry at https://patchstack.com/database/Wordpress/Plugin/yournewsapp/vulnerability/wordpress-blappsta-mobile-app-plugin-your-native-mobile-iphone-app-and-android-app-plugin-0-8-8-8-cross-site-scripting-xss-vulnerability?_s_id=cve for vendor guidance.

Share

CVE-2025-50053 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy