CVE-2025-32515 HIGH

CVE-2025-32515: WordPress Terminal Africa plugin <= 1.13.24 - Cross Site Scripting (XSS) vulnerability

Vendor Terminalafrica
Product Terminal Africa
Weakness CWE-79 · XSS
Published April 17, 2025
Last update April 28, 2026

CVSS base score

7.1/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in terminalafrica Terminal Africa terminal-africa allows Reflected XSS.This issue affects Terminal Africa: from n/a through <= 1.13.24.

Explanation of Vulnerability in Simple Terms

02Summary

Terminal Africa versions up to 1.13.24 contain a cross-site scripting (XSS) vulnerability that allows attackers to inject malicious scripts into web pages. An attacker can craft a malicious link that, when clicked by a site visitor, executes arbitrary JavaScript in the victim's browser. This can lead to session hijacking, credential theft, or defacement. The vulnerability affects all users who click a crafted link.

What an attacker can do

03Attacker Capabilities

Inject and execute malicious JavaScript in a visitor's browser to steal session cookies, credentials, or deface the site.

Potential impact on your site

04Site Impact

Visitors clicking attacker-controlled links may have their sessions hijacked or credentials stolen; site reputation and user trust at risk.

Conditions required to exploit

05Prerequisites

An attacker must trick a site visitor into clicking a malicious link (no authentication required).

Key dates

06Disclosure timeline

April 17, 2025 CVE published
April 28, 2026 Record updated