CVE-2025-0688

{"id": "CVE-2025-0688", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.7, "exploitabilityScore": 2.8}]}, "published": "2025-05-15T20:16:01.973", "references": [{"url": "https://wpscan.com/vulnerability/1e2b77c3-ad45-4734-998a-c1722ebd1f4f/", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://wpscan.com/vulnerability/1e2b77c3-ad45-4734-998a-c1722ebd1f4f/", "tags": ["Exploit", "Third Party Advisory"], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "The Spiritual Gifts Survey (and optional S.H.A.P.E survey) WordPress plugin through 0.9.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated users."}, {"lang": "es", "value": "El complemento Spiritual Gifts Survey (and optional S.H.A.P.E survey) de WordPress hasta la versi\u00f3n 0.9.10 no depura ni escapa un par\u00e1metro antes de mostrarlo nuevamente en la p\u00e1gina, lo que genera un Cross-Site Scripting reflejado que solo se puede usar contra usuarios no autenticados."}], "lastModified": "2025-05-28T15:32:06.470", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mynamedia:spiritual_gifts_survey_\\(and_optional_s.h.a.p.e_survey\\):*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "A5C5A887-C368-4886-B2B1-DC2D674D5405", "versionEndIncluding": "0.9.10"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}