CVE-2025-12264 MEDIUM

CVE-2025-12264: Wisencode Create Support Ticket create cross site scripting

Vendor N/A

Product Wisencode

Weakness CWE-79 · XSS

Published October 27, 2025

Last update October 27, 2025

View on NVD All CVEs

CVSS base score

5.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction —

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X

What the vulnerability does

01Description

A security flaw has been discovered in Wisencode up to 20251012. Affected by this vulnerability is an unknown functionality of the file /support-ticket/create of the component Create Support Ticket Handler. The manipulation of the argument Message results in cross site scripting. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Key dates

02Disclosure timeline

October 27, 2025 CVE published

October 27, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-12264 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2026-2719 Private WP suite <= 0.4.1 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'Exceptions' Setting CVE-2023-27629 WordPress Site Reviews Plugin <= 6.5.1 is vulnerable to Cross Site Scripting (XSS) CVE-2025-31861 WordPress Perfect Font Awesome Integration Plugin <= 2.3 - Stored Cross Site Scripting (XSS) vulnerability CVE-2026-22349 WordPress Menu In Post plugin <= 1.4.1 - Cross Site Scripting (XSS) vulnerability CVE-2024-1484 Booking for Appointments and Events Calendar – Amelia <= 1.0.98 - Reflected Cross-Site Scripting