01 Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Weblizar - WordPress Themes & Plugin About Author about-author allows Reflected XSS. This issue affects About Author: from n/a through <= 1.6.2.
02 Summary
The About Author plugin for WordPress contains a stored cross-site scripting (XSS) vulnerability in versions up to 1.6.2. An attacker can inject malicious scripts that execute in the browsers of site visitors and administrators. The vulnerability requires user interaction to trigger, but affects the entire site scope. Stored XSS can lead to session hijacking, credential theft, or malware distribution.
03 Attacker Capabilities
Inject malicious JavaScript that runs in visitors' browsers and steals session cookies, credentials, or redirects users to phishing sites.
04 Site Impact
Visitor accounts and admin sessions can be compromised; site reputation damaged if used to distribute malware or phishing.
05 Prerequisites
No authentication required. Attacker needs a site visitor or admin to view a page containing the injected payload.
06 Disclosure timeline
April 1, 2025: CVE published
April 28, 2026: Record updated