Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in phpaddicted IGIT Related Posts With Thumb Image After Posts igit-related-posts-with-thumb-images-after-posts allows Stored XSS.This issue affects IGIT Related Posts With Thumb Image After Posts: from n/a through <= 4.5.3.
Published: 2025-05-23
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A stored cross‑site scripting flaw in the IGIT Related Posts With Thumb Image After Posts plugin allows an attacker who can inject content into the site to persist malicious scripts. These scripts run in the browsers of all users who view affected pages, potentially leading to credential theft, session hijacking, defacement, or other malicious actions. The vulnerability is a classic example of CWE‑79: Improper Neutralization of Input During Web Page Generation.

Affected Systems

The weakness exists in phpaddicted’s IGIT Related Posts With Thumb Image After Posts plugin for WordPress, affecting all releases through version 4.5.3. No other products are listed.

Risk and Exploitability

The CVSS score of 6.5 indicates moderate severity, while the EPSS score of less than 1% suggests a low probability of widespread exploitation at this time. The vulnerability is not listed in the CISA KEV catalog, implying no known targeted exploitation. The likely attack vector requires the ability to insert or modify content via the plugin’s input fields or post editing interface; it is inferred that an authenticated user or an attacker who can inject content through the website’s admin interface could exploit it.

Generated by OpenCVE AI on April 30, 2026 at 19:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the IGIT Related Posts With Thumb Image After Posts plugin to the latest available version that includes input sanitization for post content.
  • If an update is not possible, deactivate or uninstall the plugin to eliminate the vulnerable code path.
  • After disabling the plugin, audit existing posts and other plugin configurations for embedded scripts and remove any suspicious code or restore from a clean backup.

Generated by OpenCVE AI on April 30, 2026 at 19:09 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-28058 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in phpaddicted IGIT Related Posts With Thumb Image After Posts allows Stored XSS. This issue affects IGIT Related Posts With Thumb Image After Posts: from n/a through 4.5.3.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in phpaddicted IGIT Related Posts With Thumb Image After Posts allows Stored XSS. This issue affects IGIT Related Posts With Thumb Image After Posts: from n/a through 4.5.3. Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in phpaddicted IGIT Related Posts With Thumb Image After Posts igit-related-posts-with-thumb-images-after-posts allows Stored XSS.This issue affects IGIT Related Posts With Thumb Image After Posts: from n/a through <= 4.5.3.
Title WordPress IGIT Related Posts With Thumb Image After Posts <= 4.5.3 - Cross Site Scripting (XSS) Vulnerability WordPress IGIT Related Posts With Thumb Image After Posts plugin <= 4.5.3 - Cross Site Scripting (XSS) Vulnerability
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L'}

Fri, 23 May 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 23 May 2025 13:00:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in phpaddicted IGIT Related Posts With Thumb Image After Posts allows Stored XSS. This issue affects IGIT Related Posts With Thumb Image After Posts: from n/a through 4.5.3.
Title WordPress IGIT Related Posts With Thumb Image After Posts <= 4.5.3 - Cross Site Scripting (XSS) Vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L'}

Subscriptions

Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:39.782Z

Reserved: 2025-04-24T14:23:19.972Z

Link: CVE-2025-46518

cve-icon Vulnrichment

Updated: 2025-05-23T14:54:54.289Z

cve-icon NVD

Status : Deferred

Published: 2025-05-23T13:15:36.723

Modified: 2026-04-23T15:30:09.583

Link: CVE-2025-46518

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T19:15:16Z

Weaknesses