CVE-2025-22735

Name of the Vulnerable Software and Affected Versions TaxoPress WordPress Tag Cloud Plugin – Tag Groups versions prior to 2.0.4

Description The issue is related to improper neutralization of input during web page generation, allowing reflected Cross-site Scripting (XSS). This enables attackers to inject malicious scripts into web pages. The problem affects the Tag Cloud plugin of WordPress, specifically the Tag Groups component.

Recommendations For versions prior to 2.0.4, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the Tag Cloud plugin to minimize the risk of exploitation.