Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magnigenie RestroPress restropress allows Reflected XSS. This issue affects RestroPress: from n/a through <= 3.2.8.4.
Published: 2025-04-11
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An improper neutralization of input during web page generation in the Magnigenie RestroPress WordPress plugin allows an attacker to inject malicious scripts that are reflected back to users who visit crafted URLs. This reflected XSS flaw can be leveraged to steal user session cookies, deface the site, or redirect victims to phishing pages, thereby compromising confidentiality, integrity, and availability of the web application. The weakness is classified as CWE-79.

Affected Systems

WordPress sites running the Magnigenie RestroPress plugin version 3.2.8.4 or earlier are affected. The vulnerability applies to all deployments of the plugin that have not been updated to a newer release that corrects the input sanitization issue.

Risk and Exploitability

The CVSS score of 7.1 indicates a high-impact vulnerability, yet the EPSS score of less than 1% reflects a very low likelihood of exploitation at this time, and the vulnerability is not listed in CISA's KEV catalog. The likely attack vector is a remote, unauthenticated user visiting a URL containing malicious payloads that the plugin echoes back in the response. Successful exploitation would allow an attacker to hijack user sessions, spread malicious content, or manipulate website content.

Generated by OpenCVE AI on April 30, 2026 at 23:08 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade RestroPress to a version newer than 3.2.8.4 that includes the proper input sanitization fix.
  • If an immediate upgrade is not feasible, disable the plugin or remove the affected feature until a patched version is available to prevent reflected XSS from being triggered.
  • Apply additional input validation or a Web Application Firewall rule that rejects or sanitizes suspicious URL parameters to block the reflected script injection attempt.

Advisories
Source: EUVD
ID: EUVD-2025-10770
Title: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magnigenie RestroPress allows Reflected XSS. This issue affects RestroPress: from n/a through 3.1.8.4.

History

Tue, 28 Apr 2026 18:30:00 +0000

Type: Description
Values Removed: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magnigenie RestroPress restropress allows Reflected XSS.This issue affects RestroPress: from n/a through <= 3.2.8.6.
Values Added: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magnigenie RestroPress restropress allows Reflected XSS.This issue affects RestroPress: from n/a through <= 3.2.8.4.

Type: Title
Values Removed: WordPress RestroPress plugin <= 3.2.8.6 - Reflected Cross Site Scripting (XSS) vulnerability
Values Added: WordPress RestroPres plugin <= 3.2.8.4 - Reflected Cross Site Scripting (XSS) vulnerability

Thu, 23 Apr 2026 15:00:00 +0000

Type: Description
Values Removed: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magnigenie RestroPress restropress allows Reflected XSS.This issue affects RestroPress: from n/a through <= 3.2.8.4.
Values Added: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magnigenie RestroPress restropress allows Reflected XSS.This issue affects RestroPress: from n/a through <= 3.2.8.6.

Type: Title
Values Removed: WordPress RestroPres plugin <= 3.2.8.4 - Reflected Cross Site Scripting (XSS) vulnerability
Values Added: WordPress RestroPress plugin <= 3.2.8.6 - Reflected Cross Site Scripting (XSS) vulnerability
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type: Description
Values Removed: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magnigenie RestroPress allows Reflected XSS. This issue affects RestroPress: from n/a through 3.1.8.4.
Values Added: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magnigenie RestroPress restropress allows Reflected XSS.This issue affects RestroPress: from n/a through <= 3.2.8.4.

Type: Title
Values Removed: WordPress RestroPres Plugin <= 3.1.8.4 - Reflected Cross Site Scripting (XSS) vulnerability
Values Added: WordPress RestroPres plugin <= 3.2.8.4 - Reflected Cross Site Scripting (XSS) vulnerability
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Fri, 11 Apr 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 11 Apr 2025 09:00:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magnigenie RestroPress allows Reflected XSS. This issue affects RestroPress: from n/a through 3.1.8.4.
Title WordPress RestroPres Plugin <= 3.1.8.4 - Reflected Cross Site Scripting (XSS) vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Subscriptions

Magnigenie Restropress
Wordpress Wordpress
MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:24.004Z

Reserved: 2025-04-09T11:19:56.432Z

Link: CVE-2025-32553

Vulnrichment

Updated: 2025-04-11T14:00:54.851Z

NVD

Status: Deferred

Published: 2025-04-11T09:15:27.413

Modified: 2026-04-28T19:31:42.497

Link: CVE-2025-32553

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T23:15:05Z

Weaknesses