EUVD-2026-22824
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
Lifecycle Timeline
1DescriptionNVD
The Age Verification & Identity Verification by Token of Trust plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘description’ parameter in all versions up to, and including, 3.32.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
AnalysisAI
Stored Cross-Site Scripting in Token of Trust WordPress plugin versions ≤3.32.3 allows unauthenticated remote attackers to inject malicious scripts via the unsanitized 'description' parameter, achieving persistent code execution in victim browsers with changed security context (CVSS scope changed). CVSS 7.2 with network attack vector and no authentication required. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: disable or remove Token of Trust plugin versions ≤3.32.3 from all WordPress installations; audit plugin activity logs for suspicious description parameter submissions. Within 7 days: identify and assess alternative plugins for required functionality; implement Web Application Firewall (WAF) rules to filter malicious script injection in plugin parameters if removal is not operationally feasible. …
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today