Skip to main content

Wp Emmet

1 CVEs product

Monthly

CVE-2025-15658 MEDIUM This Month

Stored Cross-Site Scripting in the WP Emmet WordPress plugin (by rewish) versions 0.3.4 and earlier allows an administrator-level user to inject persistent malicious scripts through the plugin interface, which then execute in the browsers of other users who visit affected pages. The CVSS scope-change metric (S:C) confirms the injected payload crosses trust boundaries beyond the attacker's own session, enabling session hijacking, credential theft, or unauthorized actions against victims. No public exploit has been identified at time of analysis, and the vulnerability has not appeared in CISA KEV.

XSS Wp Emmet
NVD
CVSS 3.1
5.9
EPSS
0.1%
EPSS 0% CVSS 5.9
MEDIUM This Month

Stored Cross-Site Scripting in the WP Emmet WordPress plugin (by rewish) versions 0.3.4 and earlier allows an administrator-level user to inject persistent malicious scripts through the plugin interface, which then execute in the browsers of other users who visit affected pages. The CVSS scope-change metric (S:C) confirms the injected payload crosses trust boundaries beyond the attacker's own session, enabling session hijacking, credential theft, or unauthorized actions against victims. No public exploit has been identified at time of analysis, and the vulnerability has not appeared in CISA KEV.

XSS Wp Emmet
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy