PT-2025-38691 · WordPress · Markup Markdown
Minseok Kim
·
Published
2025-09-22
·
Updated
2025-09-22
·
CVE-2025-9540
CVSS v3.1
4.7
Medium
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
Markup Markdown WordPress plugin versions prior to 3.20.10
Description
The plugin allows links to contain JavaScript, potentially enabling users with contributor or higher roles to execute Stored Cross-Site Scripting attacks.
Recommendations
Update the Markup Markdown WordPress plugin to version 3.20.10 or later.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Markup Markdown