Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Raptive Raptive Ads adthrive-ads allows Reflected XSS. This issue affects Raptive Ads: from n/a through <= 3.8.0.
Published: 2025-08-20
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An input‑validation flaw lets an attacker inject malicious script into the page that is returned to the visitor. When a user requests a page that includes unsanitized data from the Raptive Ads plugin, the script is executed in the victim's browser. This reflected XSS can be used to steal session cookies, deface the site, or redirect users to phishing pages. The flaw is the typical Cross‑Site Scripting weakness where output is not properly neutralized.

Affected Systems

WordPress sites that use the Raptive Ads (adthrive‑ads) plugin, versions up to and including 3.8.0, are affected. The vulnerability applies to all installations of that plugin regardless of the hosting environment, as the flaw exists in the plugin code itself and is triggered by user‑supplied input.

Risk and Exploitability

The CVSS score of 7.1 indicates high severity, while the EPSS score of less than 1% suggests that exploitation is currently rare. The flaw is not listed in CISA's KEV catalog, and no active exploit is publicly documented. Nevertheless, because reflected XSS can be triggered by a crafted URL, a potential attacker could embed malicious links in external content or social media to reach unsuspecting visitors.

Generated by OpenCVE AI on April 30, 2026 at 08:34 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Raptive Ads plugin to the latest available version (greater than 3.8.0) where the input sanitization is implemented.
  • If an upgrade cannot be performed immediately, disable the Raptive Ads plugin or remove it from the site to eliminate the vulnerable code.
  • As a temporary defense, configure a web application firewall or use server‑side input sanitization to escape any output generated by the plugin, and enforce a strict Content Security Policy that blocks execution of inline scripts.



Advisories
Source ID Title
EUVD EUVD-2025-28514 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Raptive Raptive Ads allows Reflected XSS. This issue affects Raptive Ads: from n/a through 3.8.0.
History

Wed, 29 Apr 2026 10:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description
Removed: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Raptive Raptive Ads allows Reflected XSS. This issue affects Raptive Ads: from n/a through 3.8.0.
Added: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Raptive Raptive Ads adthrive-ads allows Reflected XSS. This issue affects Raptive Ads: from n/a through <= 3.8.0.
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


Thu, 21 Aug 2025 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Raptive
Raptive raptive Ads
Wordpress
Wordpress wordpress
Vendors & Products Raptive
Raptive raptive Ads
Wordpress
Wordpress wordpress

Wed, 20 Aug 2025 15:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 20 Aug 2025 08:15:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Raptive Raptive Ads allows Reflected XSS. This issue affects Raptive Ads: from n/a through 3.8.0.
Title WordPress Raptive Ads Plugin <= 3.8.0 - Cross Site Scripting (XSS) Vulnerability
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-29T09:51:55.656Z

Reserved: 2025-06-27T11:59:14.509Z

Link: CVE-2025-53319

Vulnrichment

Updated: 2025-08-20T14:17:04.226Z

NVD

Status: Deferred

Published: 2025-08-20T08:15:41.827

Modified: 2026-04-29T10:16:49.610

Link: CVE-2025-53319

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-30T08:45:16Z

Weaknesses