PT-2025-47995 · WordPress · Zweb Social Mobile – Ứng Dụng Nút Gọi Mobile
Dayea Song
·
Published
2025-11-25
·
Updated
2025-11-25
·
CVE-2025-12032
CVSS v3.1
4.4
Medium
| Vector | AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Zweb Social Mobile – Ứng Dụng Nút Gọi Mobile plugin for WordPress versions up to and including 1.0.0
Description
The Zweb Social Mobile – Ứng Dụng Nút Gọi Mobile plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization and output escaping in the
vithanhlam zsocial save messager, vithanhlam zsocial save zalo, vithanhlam zsocial save hotline, and vithanhlam zsocial save contact parameters. An authenticated attacker with administrator-level access can inject arbitrary web scripts into pages. These scripts will execute when a user accesses the injected page. This issue only affects multi-site installations and installations where unfiltered html has been disabled.Recommendations
Update the Zweb Social Mobile – Ứng Dụng Nút Gọi Mobile plugin to a version later than 1.0.0.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Zweb Social Mobile – Ứng Dụng Nút Gọi Mobile