CVE-2025-28253

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

07 Apr 2025, 20:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 6.1
v2 : unknown
v3 : unknown
Summary (en) Cross-Site Scripting (XSS) vulnerability in MainWP MainWP Dashboard v5.3.4 exists in class/class-mainwp-post-handler.php, where unsanitized user input from $_POST['sites'], $_POST['clients'], and $_POST['search'] is passed into the MainWP_User::render_table function. Despite using sanitize_text_field and wp_unslash, the values are not adequately protected against HTML or script injection. This flaw could allow an attacker to inject malicious scripts. (en) Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
CWE CWE-79
References
  • {'url': 'https://github.com/edwin-0990/CVE_ID/tree/main/CVE-2025-28253', 'source': 'cve@mitre.org'}

28 Mar 2025, 16:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 6.1
CWE CWE-79

27 Mar 2025, 23:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-03-27 23:15

Updated : 2025-04-07 20:15


NVD link : CVE-2025-28253

Mitre link : CVE-2025-28253

CVE.ORG link : CVE-2025-28253


JSON object : View

Products Affected

No product.

CWE

No CWE.