CVE-2025-1561

Name of the Vulnerable Software and Affected Versions: AppPresser – Mobile App Framework plugin for WordPress versions up to, and including, 4.4.10

Description: The AppPresser – Mobile App Framework plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the title parameter due to insufficient input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts in pages when logging is enabled, which will execute whenever a user accesses an injected page.

Recommendations: For AppPresser – Mobile App Framework plugin for WordPress versions up to, and including, 4.4.10, update to a version later than 4.4.10 to resolve the issue. As a temporary workaround, consider disabling the logging feature to minimize the risk of exploitation. Restrict access to pages that may have been injected with malicious scripts to prevent further exploitation.