CVE-2025-1232

HIGH NUCLEI

Site Reviews < 7.2.5 - Unauthenticated Stored Cross-Site Scripting in Review Fields

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2025-1232 has a Nuclei detection template available — see the Nuclei card below for the Shodan/FOFA recon queries.

Description

The Site Reviews WordPress plugin before 7.2.5 does not properly sanitise and escape some of its Review fields, which could allow unauthenticated users to perform Stored XSS attacks

Nuclei Templates (1)

Site Reviews < 7.2.5 - Unauthenticated Stored XSS
HIGHVERIFIEDby 0x_Akoko
Shodan: http.component:"WordPress"
FOFA: body="site-reviews" || body="glsr-form"

References (1)

Core 1
Core References
Exploit, Third Party Advisory exploit vdb-entry technical-description
https://wpscan.com/vulnerability/c4ea8357-ddd7-48ac-80c9-15b924715b14/

Scores

CVSS v3 8.8
EPSS 0.0178
EPSS Percentile 75.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE
CWE-79
Status published
Products (1)
geminilabs/site_reviews < 7.2.5
Published Mar 19, 2025
Tracked Since Feb 18, 2026