Get Use Apis
Monthly
The Get Use APIs WordPress plugin before version 2.0.10 contains a Cross-Site Scripting (XSS) vulnerability that arises from unsanitized execution of imported JSON data. This vulnerability allows attackers with contributor-level privileges (a low-level WordPress role) to inject and execute malicious scripts under certain server configurations, potentially compromising site integrity and user data. A public proof-of-concept exploit is available via WPScan, and the vulnerability has been documented in multiple intelligence sources (WPScan, VulDB, and EUVD-2025-208813), indicating active awareness in the security community.
The Get Use APIs WordPress plugin before version 2.0.10 contains a Cross-Site Scripting (XSS) vulnerability that arises from unsanitized execution of imported JSON data. This vulnerability allows attackers with contributor-level privileges (a low-level WordPress role) to inject and execute malicious scripts under certain server configurations, potentially compromising site integrity and user data. A public proof-of-concept exploit is available via WPScan, and the vulnerability has been documented in multiple intelligence sources (WPScan, VulDB, and EUVD-2025-208813), indicating active awareness in the security community.