CVE-2025-0368

CVE-2025-0368: Banner Garden Plugin for WordPress <= 0.1.3 - Reflected XSS

Vendor Unknown
Product Banner Garden Plugin for WordPress
Published February 4, 2025
Last update February 4, 2025

CVSS base score

What the vulnerability does

01Description

The Banner Garden Plugin for WordPress plugin through 0.1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin or unauthenticated users.

Key dates

02Disclosure timeline

February 4, 2025 CVE published
February 4, 2025 Record updated