Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Roni Saha Easy Filter easy-filter allows Reflected XSS.This issue affects Easy Filter: from n/a through <= 1.10.
Published: 2025-02-14
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Improper neutralization of input when generating web pages for the Easy Filter plugin allows a remote attacker to inject malicious scripts that execute in the victim’s browser. The vulnerability applies to all versions up to 1.10. An attacker can craft a URL or form input that will be reflected unescaped in the page, enabling script execution that can steal sessions, deface content, or spread malware.

Affected Systems

The affected product is the Easy Filter plugin developed by Roni Saha. Installations of the plugin version 1.10 or earlier are vulnerable.

Risk and Exploitability

The CVSS score of 7.1 indicates a high severity, while the EPSS score of less than 1% shows that the likelihood of exploitation is currently low. The vulnerability is not listed in CISA KEV. Attackers would most likely exploit this via a crafted request delivered to a victim’s browser, possibly exploiting social engineering or phishing.

Generated by OpenCVE AI on May 1, 2026 at 16:26 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Easy Filter to the latest supported version that removes the XSS issue.
  • If an upgrade is not possible, disable or remove the Easy Filter plugin from the WordPress installation.
  • Ensure that all user-supplied input is properly escaped and validated before rendering it back in any page.

Generated by OpenCVE AI on May 1, 2026 at 16:26 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-3420 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Easy Filter allows Reflected XSS. This issue affects Easy Filter: from n/a through 1.10.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Easy Filter allows Reflected XSS. This issue affects Easy Filter: from n/a through 1.10. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Roni Saha Easy Filter easy-filter allows Reflected XSS.This issue affects Easy Filter: from n/a through <= 1.10.
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}

Mon, 14 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00032}

 epss

{'score': 0.00035}

Sun, 13 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00072}

 epss

{'score': 0.00032}

Fri, 14 Feb 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 14 Feb 2025 13:00:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Easy Filter allows Reflected XSS. This issue affects Easy Filter: from n/a through 1.10.
Title WordPress Easy Filter Plugin <= 1.10 - Reflected Cross Site Scripting (XSS) vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}

Subscriptions

Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-05-11T23:36:43.482Z

Reserved: 2025-01-16T11:30:13.734Z

Link: CVE-2025-23788

cve-icon Vulnrichment

Updated: 2025-02-14T15:50:24.995Z

cve-icon NVD

Status : Deferred

Published: 2025-02-14T13:15:47.143

Modified: 2026-06-17T08:57:12.673

Link: CVE-2025-23788

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-01T16:30:20Z

Weaknesses
  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')