Skip to main content

Wpcasa

1 CVEs product

Monthly

CVE-2025-62043 MEDIUM This Month

A DOM-based cross-site scripting (XSS) vulnerability exists in WPSight WPCasa WordPress plugin versions through 1.4.1, allowing authenticated attackers to inject malicious JavaScript that executes in users' browsers. The vulnerability stems from improper neutralization of user input during web page generation, enabling an attacker with login credentials to craft malicious payloads that execute in the context of other users' sessions. With a CVSS score of 6.5 and network-accessible attack vector requiring only user interaction, this vulnerability poses a moderate risk to WordPress installations using affected WPCasa versions, particularly those managing real estate listings where authenticated users have content creation privileges.

XSS Wpcasa
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
EPSS 0% CVSS 6.5
MEDIUM This Month

A DOM-based cross-site scripting (XSS) vulnerability exists in WPSight WPCasa WordPress plugin versions through 1.4.1, allowing authenticated attackers to inject malicious JavaScript that executes in users' browsers. The vulnerability stems from improper neutralization of user input during web page generation, enabling an attacker with login credentials to craft malicious payloads that execute in the context of other users' sessions. With a CVSS score of 6.5 and network-accessible attack vector requiring only user interaction, this vulnerability poses a moderate risk to WordPress installations using affected WPCasa versions, particularly those managing real estate listings where authenticated users have content creation privileges.

XSS Wpcasa
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy