First published: Sat Mar 15 2025(Updated: )
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zzmaster WP AntiDDOS allows Reflected XSS. This issue affects WP AntiDDOS: from n/a through 2.0.
Credit: audit@patchstack.com
Affected Software | Affected Version | How to fix |
---|---|---|
WordPress WP AntiDDOS | <=2.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2025-26556 is classified as a medium severity vulnerability due to its ability to allow reflected cross-site scripting attacks.
To fix CVE-2025-26556, update WP AntiDDOS to version 2.0 or higher, as earlier versions are vulnerable.
CVE-2025-26556 can facilitate reflected cross-site scripting attacks that may compromise user data or session integrity.
CVE-2025-26556 affects all versions of WP AntiDDOS up to and including version 2.0.
Any user or administrator of the WP AntiDDOS plugin on WordPress sites using versions up to 2.0 is impacted by CVE-2025-26556.