Skip to main content

Sweetdate Core

1 CVEs product

Monthly

CVE-2025-69140 HIGH This Week

Reflected cross-site scripting in the SweetDate Core WordPress plugin versions prior to 1.1.5 allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser when the victim is lured into clicking a crafted link. The CVSS 3.1 score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C) reflects unauthenticated network reach with required user interaction and a scope change typical of stored/reflected XSS in browser contexts. No public exploit identified at time of analysis and no EPSS or KEV signal was provided.

XSS Sweetdate Core
NVD VulDB
CVSS 3.1
7.1
EPSS
0.2%
EPSS 0% CVSS 7.1
HIGH This Week

Reflected cross-site scripting in the SweetDate Core WordPress plugin versions prior to 1.1.5 allows unauthenticated remote attackers to execute arbitrary JavaScript in a victim's browser when the victim is lured into clicking a crafted link. The CVSS 3.1 score of 7.1 (AV:N/AC:L/PR:N/UI:R/S:C) reflects unauthenticated network reach with required user interaction and a scope change typical of stored/reflected XSS in browser contexts. No public exploit identified at time of analysis and no EPSS or KEV signal was provided.

XSS Sweetdate Core
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy