Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dashed-slug.net Bitcoin and Altcoin Wallets wallets allows Reflected XSS. This issue affects Bitcoin and Altcoin Wallets: from n/a through <= 6.3.1.
Published: 2025-02-03
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Improperly sanitized input in the WordPress Bitcoin and Altcoin Wallets plugin allows attackers to inject JavaScript that is reflected back to the victim’s browser, enabling arbitrary script execution. This reflected XSS flaw (CWE-79) can be used to steal session cookies, deface the site, or redirect users to malicious pages.

Affected Systems

The vulnerability affects the Bitcoin and Altcoin Wallets plugin developed by dashed‑slug.net for WordPress websites. Versions up to and including 6.3.1 are impacted; earlier releases may also contain the flaw but this is not confirmed.

Risk and Exploitability

The CVSS score of 7.1 indicates a high severity, while an EPSS score of less than 1% suggests low current exploitation probability. The flaw is not listed in the CISA KEV catalog. Attackers can exploit this reflected XSS by crafting a malicious link that includes the vulnerable parameter; victims who click the link or load the page will have arbitrary scripts executed in the context of their browser. The attack vector is remote and relies on user interaction, but once executed, it provides the adversary with the ability to compromise site integrity or steal user data.

Generated by OpenCVE AI on May 2, 2026 at 05:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the WordPress Bitcoin and Altcoin Wallets plugin to the latest version (≥ 6.3.2) once the vendor releases a patch.
  • If an update is not immediately feasible, remove or deactivate the plugin to eliminate the attack surface.
  • Implement a strict Content Security Policy that disallows inline scripts and restricts script sources to trusted origins, mitigating potential XSS impact.
  • Monitor for unusual redirects or JavaScript injection attempts to detect exploitation.

Advisories
Source: EUVD
ID: EUVD-2025-3755
Title: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alexandros Georgiou Bitcoin and Altcoin Wallets allows Reflected XSS. This issue affects Bitcoin and Altcoin Wallets: from n/a through 6.3.1.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
Values Removed: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alexandros Georgiou Bitcoin and Altcoin Wallets allows Reflected XSS. This issue affects Bitcoin and Altcoin Wallets: from n/a through 6.3.1.
Values Added: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dashed-slug.net Bitcoin and Altcoin Wallets wallets allows Reflected XSS. This issue affects Bitcoin and Altcoin Wallets: from n/a through <= 6.3.1.
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Mon, 14 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics
Values Removed: epss {'score': 0.00035}
Values Added: epss {'score': 0.00045}


Mon, 03 Feb 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 03 Feb 2025 14:30:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alexandros Georgiou Bitcoin and Altcoin Wallets allows Reflected XSS. This issue affects Bitcoin and Altcoin Wallets: from n/a through 6.3.1.
Title WordPress Bitcoin and Altcoin Wallets plugin <= 6.3.1 - Reflected Cross Site Scripting (XSS) vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-05-11T23:27:53.242Z

Reserved: 2025-01-23T14:50:18.328Z

Link: CVE-2025-24544

Vulnrichment

Updated: 2025-02-03T16:06:36.422Z

NVD

Status: Deferred

Published: 2025-02-03T15:15:23.990

Modified: 2026-06-17T08:59:12.200

Link: CVE-2025-24544

OpenCVE Enrichment

Updated: 2026-05-02T05:15:16Z

Weaknesses
  • CWE-79

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')