CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-27306 – WordPress Pathomation plugin <= 2.5.1 - Stored Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-27306
24 Feb 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pathomation Pathomation allows Stored XSS. This issue affects Pathomation: from n/a through 2.5.1. The Pathomation plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in p... • https://patchstack.com/database/wordpress/plugin/pathomation/vulnerability/wordpress-pathomation-plugin-2-5-1-stored-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-52490 – WordPress Pathomation plugin <= 2.5.1 - Arbitrary File Upload vulnerability
https://notcve.org/view.php?id=CVE-2024-52490
20 Nov 2024 — Unrestricted Upload of File with Dangerous Type vulnerability in Pathomation allows Upload a Web Shell to a Web Server.This issue affects Pathomation: from n/a through 2.5.1. La vulnerabilidad de carga sin restricciones de archivos con tipos peligrosos en Pathomation permite cargar un shell web a un servidor web. Este problema afecta a Pathomation: desde n/a hasta 2.5.1. The Pathomation plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, an... • https://patchstack.com/database/wordpress/plugin/pathomation/vulnerability/wordpress-pathomation-plugin-2-5-1-arbitrary-file-upload-vulnerability?_s_id=cve • CWE-434: Unrestricted Upload of File with Dangerous Type •