CVE-2025-49948

Name of the Vulnerable Software and Affected Versions WP Super Edit versions through 2.5.4

Description The software contains a flaw related to improper handling of user-supplied data during web page creation, which can lead to Reflected Cross-Site Scripting (XSS). This means that malicious code can be injected into a website, potentially allowing an attacker to execute scripts in the context of a user's browser. The vulnerability exists due to insufficient input validation or sanitization when generating web pages. The affected component is wp-super-edit.

Recommendations Update WP Super Edit to a version later than 2.5.4.