Description
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Code Injection.This issue affects AWP Classifieds: from n/a through <= 4.4.3.
Published: 2025-09-22
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Improper neutralization of script‑related HTML tags allows basic XSS in the Strategy11 Team AWP Classifieds WordPress plugin. An attacker who can insert or edit content in a listing can place arbitrary JavaScript that executes in the context of any visitor to the site, potentially compromising session data and enabling further malicious actions.

Affected Systems

WordPress sites running the AWP Classifieds plugin from its initial release up to and including version 4.4.3 made by Strategy11 Team are vulnerable. The vulnerability is present in all affected plugin instances regardless of host WordPress version.

Risk and Exploitability

The CVSS score of 5.3 indicates a moderate severity while the EPSS score of less than 1% shows that the likelihood of live exploitation is currently low. The vulnerability is not listed in CISA’s KEV catalog. The most likely attack scenario is an attacker who can create or edit classified listings injecting malicious scripts, which then execute for other site visitors. Mitigation requires applying the vendor’s fix or otherwise disabling the plugin.

Generated by OpenCVE AI on April 30, 2026 at 00:43 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the AWP Classifieds plugin to the latest available version that addresses the XSS flaw
  • If an update is not yet available, consider disabling or uninstalling the plugin until a fix is released
  • Restrict user roles so that only trusted administrators can add or edit listings to limit potential injection vectors

Generated by OpenCVE AI on April 30, 2026 at 00:43 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-30680 Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Strategy11 Team AWP Classifieds allows Code Injection. This issue affects AWP Classifieds: from n/a through 4.3.5.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Strategy11 Team AWP Classifieds allows Code Injection. This issue affects AWP Classifieds: from n/a through 4.3.5. Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Strategy11 Team AWP Classifieds another-wordpress-classifieds-plugin allows Code Injection.This issue affects AWP Classifieds: from n/a through <= 4.4.3.
Title WordPress AWP Classifieds Plugin <= 4.3.5 - Content Injection Vulnerability WordPress AWP Classifieds plugin <= 4.4.3 - Content Injection vulnerability
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Wed, 24 Sep 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 23 Sep 2025 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Strategy11
Strategy11 awp Classifieds
Wordpress
Wordpress wordpress
Vendors & Products Strategy11
Strategy11 awp Classifieds
Wordpress
Wordpress wordpress

Mon, 22 Sep 2025 18:30:00 +0000

Type Values Removed Values Added
Description Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Strategy11 Team AWP Classifieds allows Code Injection. This issue affects AWP Classifieds: from n/a through 4.3.5.
Title WordPress AWP Classifieds Plugin <= 4.3.5 - Content Injection Vulnerability
Weaknesses CWE-80
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Subscriptions

Strategy11 Awp Classifieds
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:13:38.753Z

Reserved: 2025-08-22T11:36:24.369Z

Link: CVE-2025-57928

cve-icon Vulnrichment

Updated: 2025-09-24T13:12:02.963Z

cve-icon NVD

Status : Deferred

Published: 2025-09-22T19:15:49.970

Modified: 2026-04-23T15:33:02.917

Link: CVE-2025-57928

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T00:45:24Z

Weaknesses