CVE-2025-2483

CVSS 3.0 Score 5.5 of 10 (medium)

Attack Complexity low
Integrity high
Privileges Required low
Confidentiality none
Availability none
Scope unchanged

Details

Published Apr 2, 2025
CWE ID 61

Summary

CVE-2025-2483 is a Reflected Cross-Site Scripting (XSS) vulnerability affecting the Gift Certificate Creator plugin for WordPress. Versions up to and including 1.1.0 are vulnerable to this issue. The ‘receip_address’ parameter, which is not properly sanitized or escaped, is the point of entry for attackers. By injecting malicious scripts into this parameter, unauthenticated attackers can execute arbitrary code on affected pages. Users are at risk if they are tricked into clicking on malicious links or visiting infected websites. This flaw could lead to data theft, session hijacking, or even full website takeover. It is strongly recommended that users update their plugin to the latest version as soon as possible to mitigate this threat.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share