CVE-2025-62043

MEDIUM

WordPress WPCasa plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability

Title source: cna

Description

Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in WPSight WPCasa allows DOM-Based XSS.This issue affects WPCasa: from n/a through 1.4.1.

References (1)

[Vdb Entry] https://patchstack.com/database/wordpress/plugin/wpcasa/vulnerability/wordpress-wpcasa-plugin-1-4-1-cross-site-scripting-xss-vulnerability?_s_id=cve

Scores

CVSS v3 6.5

EPSS 0.0002

EPSS Percentile 4.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Details

CWE

CWE-79

Status published

Products (1)

WPSight/WPCasa < 1.4.1

Published Mar 19, 2026

Tracked Since Mar 19, 2026