Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mike Martel Live Dashboard live-dashboard allows Reflected XSS. This issue affects Live Dashboard: from n/a through <= 0.3.3.
Published: 2025-02-14
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Live Dashboard plugin for WordPress suffers from a Reflected Cross‑Site Scripting flaw. Improper neutralization of input permits attackers to inject arbitrary JavaScript when a victim visits a specially crafted URL. This can lead to theft of session cookies, unauthorized actions performed on behalf of the user, and defacement of the page.

Affected Systems

The vulnerability affects any installation of the Mike Martel Live Dashboard plugin with a version number of 0.3.3 or earlier. No other product versions are impacted.

Risk and Exploitability

With a CVSS base score of 7.1, the flaw is rated high severity. The estimated exploitation probability is very low (EPSS < 1%), and the CVE is not listed in the CISA KEV catalog. Exploitation requires an active user to click a malicious link, so this is a user-interaction XSS; once triggered, it can compromise the confidentiality and integrity of the victim's session. The risk is therefore moderate to high for environments that expose the plugin's URLs to external users.

Generated by OpenCVE AI on May 1, 2026 at 16:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Live Dashboard plugin to the latest version that includes an XSS fix.
  • If an update is not available, configure a strict Content Security Policy that forbids inline scripts and untrusted sources.
  • Disable or remove the Live Dashboard plugin if it is not essential for site functionality.



Advisories
Source: EUVD
ID: EUVD-2025-3200
Title: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mike Martel Live Dashboard allows Reflected XSS. This issue affects Live Dashboard: from n/a through 0.3.3.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description (values removed): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mike Martel Live Dashboard allows Reflected XSS. This issue affects Live Dashboard: from n/a through 0.3.3.
Description (values added): Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mike Martel Live Dashboard live-dashboard allows Reflected XSS.This issue affects Live Dashboard: from n/a through <= 0.3.3.
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Mon, 14 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics (values removed): epss {'score': 0.00032}
Metrics (values added): epss {'score': 0.00035}


Sun, 13 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics (values removed): epss {'score': 0.00072}
Metrics (values added): epss {'score': 0.00032}


Fri, 14 Feb 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 14 Feb 2025 13:00:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mike Martel Live Dashboard allows Reflected XSS. This issue affects Live Dashboard: from n/a through 0.3.3.
Title WordPress Live Dashboard plugin <= 0.3.3 - Reflected Cross Site Scripting (XSS) vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Subscriptions

Wordpress Wordpress
MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:11:10.295Z

Reserved: 2025-01-16T11:25:13.028Z

Link: CVE-2025-23474

Vulnrichment

Updated: 2025-02-14T15:36:30.925Z

NVD

Status: Deferred

Published: 2025-02-14T13:15:43.437

Modified: 2026-06-17T08:54:39.667

Link: CVE-2025-23474

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T16:45:20Z

Weaknesses
  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')