CVE-2025-62757

2025-12-31 [email protected]

Lifecycle Timeline

2
Analysis Generated
Apr 01, 2026 - 17:44 vuln.today
CVE Published
Dec 31, 2025 - 12:16 nvd
N/A

Tags

WordPress PHP XSS

Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebMan Design | Oliver Juhas WebMan Amplifier webman-amplifier allows DOM-Based XSS.This issue affects WebMan Amplifier: from n/a through <= 1.5.12.

Analysis

DOM-based cross-site scripting (XSS) in WebMan Amplifier WordPress plugin through version 1.5.12 allows attackers to inject malicious scripts that execute in users' browsers. The vulnerability stems from improper neutralization of user input during web page generation, enabling stored or reflected XSS attacks depending on the specific injection vector. With an EPSS score of 0.01% (3rd percentile) and no evidence of active exploitation, this represents a low real-world risk despite the XSS classification, though remediation is still recommended for all affected installations.

Technical Context

WebMan Amplifier is a WordPress plugin that fails to properly sanitize and escape user-supplied input before rendering it in the DOM (Document Object Model). The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation), which encompasses both stored and reflected XSS. The root cause is insufficient input validation or output encoding when constructing dynamic HTML content in the browser. WordPress plugins are executed within the WordPress application context and have direct access to the WordPress database and frontend rendering pipeline, making XSS flaws in plugins particularly dangerous as they affect all site visitors or administrators depending on the injection point.

Affected Products

WebMan Amplifier WordPress plugin from an unspecified baseline version through 1.5.12 is affected. The plugin is maintained by Oliver Juhas (WebMan Design) and is distributed through the WordPress plugin repository. Affected installations include all deployments running version 1.5.12 or earlier. The vulnerability was reported by Patchstack ([email protected]), which maintains a database of WordPress plugin vulnerabilities.

Remediation

Update WebMan Amplifier to a version newer than 1.5.12. Verify the patched version number in the official WordPress plugin repository or contact the vendor directly for the exact fixed version. In the interim, site administrators should restrict access to plugin functionality to trusted users only and monitor web server logs for suspicious input patterns. The Patchstack vulnerability database (https://patchstack.com/database/Wordpress/Plugin/webman-amplifier/vulnerability/wordpress-webman-amplifier-plugin-1-5-12-cross-site-scripting-xss-vulnerability) provides additional details and may include recommended patched versions when released.

Priority Score

0
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +0
POC: 0

Share

CVE-2025-62757 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy