Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Barry Kooij Post Connector post-connector allows Reflected XSS.This issue affects Post Connector: from n/a through <= 1.0.11.
Published: 2025-10-22
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Post Connector plugin for WordPress fails to neutralize user-supplied input in the pages it generates. This reflected XSS flaw would let an attacker embed malicious script into a response that is immediately displayed to the victim user after following a crafted link or submitting a form. The injected code could steal credentials, hijack sessions, or alter page content. The vulnerability is a standard input validation flaw classified as CWE-79.

Affected Systems

Barry Kooij:Post Connector plugin for WordPress. Versions from the initial release up to and including 1.0.11 are affected. Any site running the plugin in these versions is vulnerable.

Risk and Exploitability

The CVSS score of 7.1 indicates a high severity with potential for significant impact, though the EPSS score below 1 % shows a very low probability of exploitation at present. The flaw can be triggered via a specially crafted request containing script code, typically delivered through a URL or form submission. Because the vulnerability is reflected, it requires a victim to open a malicious link or submit a form, making it a targeted threat that can be mitigated by updates and input sanitization.

Generated by OpenCVE AI on April 29, 2026 at 16:36 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Post Connector plugin to a version newer than 1.0.11 that addresses the XSS issue.
  • Ensure that any user-supplied data passed through the plugin is properly sanitized or escaped before rendering, following best practices for XSS mitigation.
  • Configure a web application firewall or equivalent to block requests containing script tags or malicious JavaScript patterns targeted at the plugin inputs.

Generated by OpenCVE AI on April 29, 2026 at 16:36 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 30 Jan 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H'}

 cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}

Tue, 20 Jan 2026 15:30:00 +0000

Type Values Removed Values Added
References

Tue, 20 Jan 2026 14:45:00 +0000

Type Values Removed Values Added
References

Thu, 13 Nov 2025 11:30:00 +0000

Type Values Removed Values Added
References

Thu, 13 Nov 2025 11:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 13 Nov 2025 10:45:00 +0000

Type Values Removed Values Added
References

Thu, 23 Oct 2025 10:30:00 +0000

Type Values Removed Values Added
First Time appeared Wordpress
Wordpress wordpress
Vendors & Products Wordpress
Wordpress wordpress

Wed, 22 Oct 2025 21:30:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.0, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H'}

Wed, 22 Oct 2025 14:45:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Barry Kooij Post Connector post-connector allows Reflected XSS.This issue affects Post Connector: from n/a through <= 1.0.11.
Title WordPress Post Connector Plugin <= 1.0.11 - Cross Site Scripting (XSS) Vulnerability
Weaknesses CWE-79
References

Subscriptions

Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T19:02:00.370Z

Reserved: 2025-06-19T10:02:47.062Z

Link: CVE-2025-52741

cve-icon Vulnrichment

Updated: 2025-10-22T20:33:45.622Z

cve-icon NVD

Status : Deferred

Published: 2025-10-22T15:15:44.213

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-52741

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-29T16:45:15Z

Weaknesses