Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vipul Jariwala WP Post Corrector wp-post-corrector allows Reflected XSS. This issue affects WP Post Corrector: from n/a through <= 1.0.2.
Published: 2025-01-15
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an improper neutralization of input during page generation within the WP Post Corrector plugin. An attacker can inject malicious JavaScript into reflected parameters, causing the script to run in the victim’s browser. This can lead to cookie theft, session hijacking, defacement or unintended navigation, compromising the confidentiality and integrity of user data that is displayed on the site.

Affected Systems

The plugin is identified as WP Post Corrector, authored by vipul Jariwala. The flaw exists in versions from the earliest available release up to and including version 1.0.2. WordPress sites that have installed any of those vulnerable plugin versions are at risk, regardless of site configuration or user role.

Risk and Exploitability

The CVSS score of 7.1 indicates moderate to high severity. The EPSS score of less than 1% suggests a relatively low yet non-zero probability of exploitation in the wild. It is not currently listed in CISA KEV. The likely attack vector is a reflected XSS through blog post or content fields that echo user-supplied data without proper sanitization, and an attacker must lure a victim's browser to the crafted URL to succeed. Because the flaw lies in client‑side rendering, active exploitation requires user interaction, but once triggered it can execute arbitrary scripts.

Generated by OpenCVE AI on May 1, 2026 at 21:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade WP Post Corrector to a version newer than 1.0.2, or uninstall the plugin if no patch is available.
  • If an upgrade cannot be performed, deactivate or remove the plugin from the WordPress installation to eliminate the reflected XSS surface.
  • For sites that must remain online with the vulnerable plugin, enforce a stringent Content Security Policy and apply server‑side input sanitization to strip or escape any JavaScript before rendering user‑supplied content.

Advisories
Source: EUVD
ID: EUVD-2025-2978
Title: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpwebs Team - VA Jariwala WP Post Corrector allows Reflected XSS. This issue affects WP Post Corrector: from n/a through 1.0.2.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
  Values Removed: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpwebs Team - VA Jariwala WP Post Corrector allows Reflected XSS. This issue affects WP Post Corrector: from n/a through 1.0.2.
  Values Added: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vipul Jariwala WP Post Corrector wp-post-corrector allows Reflected XSS. This issue affects WP Post Corrector: from n/a through <= 1.0.2.
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Wed, 15 Jan 2025 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 15 Jan 2025 15:30:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpwebs Team - VA Jariwala WP Post Corrector allows Reflected XSS. This issue affects WP Post Corrector: from n/a through 1.0.2.
Title WordPress WP Post Corrector Plugin <= 1.0.2 - Reflected Cross Site Scripting (XSS) vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:11:06.671Z

Reserved: 2025-01-07T21:04:45.367Z

Link: CVE-2025-22764

Vulnrichment

Updated: 2025-01-15T19:09:33.874Z

NVD

Status: Deferred

Published: 2025-01-15T16:15:39.373

Modified: 2026-04-23T15:23:34.467

Link: CVE-2025-22764

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T21:45:09Z

Weaknesses