CVE-2025-24810 MEDIUM

CVE-2025-24810

Vendor Rahe

Product Simple Image Sizes

Weakness CWE-79 · XSS

Published January 28, 2025

Last update January 28, 2025

View on NVD All CVEs

CVSS base score

4.8/10

Attack vector Network

Attack complexity Low

Privileges required High

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

What the vulnerability does

01Description

Cross-site scripting vulnerability exists in Simple Image Sizes 3.2.3 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege and accessing the settings screen.

Key dates

02Disclosure timeline

January 28, 2025 CVE published

January 28, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-24810 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2024-2293 Site Reviews <= 6.11.4 - Authenticated(Subscriber+) Stored Cross-Site Scripting via display name CVE-2018-25055 FarCry Solr Pro Plugin Search solrProSearch.cfc cross site scripting CVE-2017-7421 CVE-2025-46960 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2025-49958 WordPress Robokassa payment gateway for Woocommerce plugin <= 1.8.6 - Cross Site Scripting (XSS) vulnerability