Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in redqteam Alike - WordPress Custom Post Comparison alike allows Reflected XSS. This issue affects Alike - WordPress Custom Post Comparison: from n/a through <= 3.0.1.
Published: 2025-08-14
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Improper neutralization of user input during web page generation allows an attacker to inject malicious scripts that run in the victim’s browser. The flaw is a reflected XSS vulnerability in the redqteam Alike – WordPress Custom Post Comparison plugin. If successfully exploited, attackers could steal session cookies, deface content, or redirect users to malicious sites.

Affected Systems

The issue affects the redqteam Alike – WordPress Custom Post Comparison plugin on WordPress sites. Versions from the earliest available through and including 3.0.1 are vulnerable. Any WordPress installation that has this plugin deployed and has not applied a newer version is at risk.

Risk and Exploitability

The CVSS score of 7.1 places the flaw in the High severity band, while the EPSS score of less than 1% suggests a low likelihood of active exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. An attacker needs only to craft a malicious URL and lure a user into following it; the attacker needs no authentication or elevated privileges, but the victim must interact with the link. The flaw operates entirely via the web interface and does not require additional system access.

Generated by OpenCVE AI on May 1, 2026 at 06:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to the latest version of the Alike – WordPress Custom Post Comparison plugin that addresses the XSS flaw.
  • If an immediate upgrade is not possible, disable or uninstall the plugin to block the vulnerable code.
  • Apply proper input validation and escaping on any user‑supplied data rendered by the plugin, ensuring compliance with CWE-79 best practices.

Advisories
Source: EUVD
ID: EUVD-2025-24732
Title: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in redqteam Alike - WordPress Custom Post Comparison allows Reflected XSS. This issue affects Alike - WordPress Custom Post Comparison: from n/a through 3.0.1.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
Values Removed: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in redqteam Alike - WordPress Custom Post Comparison allows Reflected XSS. This issue affects Alike - WordPress Custom Post Comparison: from n/a through 3.0.1.
Values Added: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in redqteam Alike - WordPress Custom Post Comparison alike allows Reflected XSS. This issue affects Alike - WordPress Custom Post Comparison: from n/a through <= 3.0.1.
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Sat, 16 Aug 2025 21:45:00 +0000

Type Values Removed Values Added
First Time appeared Redqteam
Redqteam alike Wordpress Custom Post Comparison
Wordpress
Wordpress wordpress
Vendors & Products Redqteam
Redqteam alike Wordpress Custom Post Comparison
Wordpress
Wordpress wordpress

Thu, 14 Aug 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 14 Aug 2025 10:45:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in redqteam Alike - WordPress Custom Post Comparison allows Reflected XSS. This issue affects Alike - WordPress Custom Post Comparison: from n/a through 3.0.1.
Title WordPress Alike - WordPress Custom Post Comparison <= 3.0.1 - Cross Site Scripting (XSS) Vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:11:52.040Z

Reserved: 2025-03-11T08:10:36.160Z

Link: CVE-2025-28975

Vulnrichment

Updated: 2025-08-14T19:46:49.339Z

NVD

Status: Deferred

Published: 2025-08-14T11:15:31.393

Modified: 2026-04-23T15:26:42.650

Link: CVE-2025-28975

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T06:45:11Z

Weaknesses