Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Abhishek Kumar Frizzly frizzly allows Reflected XSS. This issue affects Frizzly: from n/a through <= 1.1.0.
Published: 2025-04-01
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Improper neutralization of input during web page generation allows malicious content to be reflected back to a user’s browser. The flaw resides in the Frizzly WordPress plugin and can be leveraged to inject arbitrary JavaScript that executes in the context of the site, potentially hijacking user sessions, defacing pages, or facilitating phishing attacks. The vulnerability is classified as CWE‑79 (cross-site scripting) and carries a CVSS score of 7.1 (High).

Affected Systems

The flaw affects the Abhishek Kumar Frizzly plugin, versions from its initial release up to and including 1.1.0. Any WordPress installation that has an affected version of this plugin installed and enabled is at risk.

Risk and Exploitability

The EPSS score is less than 1%, suggesting a low current probability of exploitation, and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires an attacker to craft a URL or input that the plugin reflects unescaped and to lead a victim to visit that malicious link. Although the attack depends on user interaction, the impact on the victim’s browser makes it a serious concern for sites that rely on Frizzly for safe browsing or link handling.

Generated by OpenCVE AI on May 1, 2026 at 01:33 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Frizzly plugin to the latest version (≥1.1.1), which contains the XSS fix.
  • If an upgrade is not immediately possible, disable or remove the Frizzly plugin until a patch is applied.
  • Implement a content security policy that restricts script execution to trusted sources, mitigating the impact should the vulnerability be leveraged.



Advisories
Source: EUVD
ID: EUVD-2025-9483
Title: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Frizzly allows Reflected XSS. This issue affects Frizzly: from n/a through 1.1.0.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
  Removed: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Frizzly allows Reflected XSS. This issue affects Frizzly: from n/a through 1.1.0.
  Added: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Abhishek Kumar Frizzly frizzly allows Reflected XSS. This issue affects Frizzly: from n/a through <= 1.1.0.
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Tue, 01 Apr 2025 21:00:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Frizzly allows Reflected XSS. This issue affects Frizzly: from n/a through 1.1.0.
Title WordPress Frizzly plugin <= 1.1.0 - Reflected Cross Site Scripting (XSS) vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:11:53.936Z

Reserved: 2025-03-24T12:59:58.192Z

Link: CVE-2025-30554

Vulnrichment

No data.

NVD

Status: Deferred

Published: 2025-04-01T21:15:44.443

Modified: 2026-04-23T15:26:51.393

Link: CVE-2025-30554

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T01:45:05Z
