CVE-2025-46542: WordPress Xpert Tab <= 1.3 - Cross Site Scripting (XSS) Vulnerability
First published: Thu Apr 24 2025(Updated: )
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeXpert Xpert Tab allows Stored XSS. This issue affects Xpert Tab: from n/a through 1.3.
Credit: audit@patchstack.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| WordPress Xpert Tab | <=1.3 | |
| WordPress Xpert Tab | <=1.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the severity of CVE-2025-46542?
CVE-2025-46542 is classified as a high severity vulnerability due to its potential for allowing Stored XSS attacks.
How do I fix CVE-2025-46542?
To fix CVE-2025-46542, upgrade the Xpert Tab plugin to version 1.4 or later, which patches the vulnerability.
What is Stored XSS in the context of CVE-2025-46542?
Stored XSS refers to the vulnerability allowing attackers to inject malicious scripts that are stored on the server and executed when users access the affected web page.
What products are affected by CVE-2025-46542?
CVE-2025-46542 affects ThemeXpert Xpert Tab versions up to and including 1.3.
What impacts can CVE-2025-46542 have on my website?
Exploitation of CVE-2025-46542 can lead to unauthorized access to user data, session hijacking, and malware distribution.
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/references
- agent/weakness
- agent/type
- agent/description
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/severity
- agent/author
- agent/event
- collector/epss-latest
- source/FIRST
- agent/source
- agent/tags
- agent/epss
- vendor/themexpert
- canonical/wordpress xpert tab
- vendor/wordpress