PT-2026-5610 · WordPress · Library Viewer
Published
2026-02-02
·
Updated
2026-02-07
·
CVE-2025-15396
CVSS v3.1
7.1
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
Library Viewer WordPress plugin versions prior to 3.2.0
Description
The software does not properly sanitize and escape parameters before outputting them, resulting in a Reflected Cross-Site Scripting issue. This could potentially be used to target users with high privileges, such as administrators.
Recommendations
Update to version 3.2.0 or later.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Library Viewer