How severe is CVE-2025-2279?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2025-2279?

This is classified as CWE-79, which is a common weakness in software security.

CVE-2025-2279

MEDIUM Year: 2025

CVSS v3 Score

5.9

Medium

Weakness Type

CWE-79

View all →

Vulnerability Description

The Maps WordPress plugin through 1.0.6 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

CVE-2018-6682

MEDIUM

CVSS:5.9(Medium)

Cross Site Scripting Exposure in McAfee True Key (TK) 4.0.0.0 and earlier allows local users to expose confidential data via a crafted web site.

CWE-792018

CVE-2019-14415

MEDIUM

CVSS:5.9(Medium)

An issue was discovered in Veritas Resiliency Platform (VRP) before 3.4 HF1. A persistent cross-site scripting (XSS) vulnerability allows a malicious VRP user to inject malicious script into another u...

CWE-792019

CVE-2019-7000

MEDIUM

CVSS:5.9(Medium)

A Cross-Site Scripting (XSS) vulnerability in the Web UI of Avaya Aura Conferencing may allow code execution and potentially disclose sensitive information. Affected versions of Avaya Aura Conferencin...

CWE-792019

CVE-2020-13407

MEDIUM

CVSS:5.9(Medium)

Tufin SecureTrack < R20-2 GA contains reflected + stored XSS (as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or a...

CWE-792020