CVE-2025-1486

Name of the Vulnerable Software and Affected Versions: WoWPth plugin versions prior to 2.0

Description: The issue concerns a Reflected Cross-Site Scripting problem. It arises because a parameter is not properly sanitized and escaped before being outputted back in the page. This could be exploited against high-privilege users, such as administrators.

Recommendations: For WoWPth plugin versions prior to 2.0, update to a version that properly sanitizes and escapes parameters before outputting them back in the page to prevent Reflected Cross-Site Scripting. At the moment, there is no information about a newer version that contains a fix for this vulnerability.