CVE-2025-57940 MEDIUM

CVE-2025-57940: WordPress Append extensions on Pages Plugin <= 1.1.2 - Cross Site Scripting (XSS) Vulnerability

Vendor Suresh Kumar Mukhiya
Product Append extensions on Pages
Weakness CWE-79 · XSS
Published September 22, 2025
Last update April 28, 2026
View on NVD All CVEs

CVSS base score

5.9/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L

What the vulnerability does

01Description

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Suresh Kumar Mukhiya Append extensions on Pages append-extensions-on-pages allows Stored XSS.This issue affects Append extensions on Pages: from n/a through <= 1.1.2.

Key dates

02Disclosure timeline

September 22, 2025 CVE published
April 28, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-14555 Countdown Timer - Widget Countdown <= 2.7.7 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2019-1673 Cisco Identity Services Engine Cross-Site Scripting Vulnerability CVE-2026-34739 AVideo: Reflected XSS via Unescaped ip Parameter in User_Location testIP.php CVE-2023-47554 WordPress Actueel Financieel Nieuws – Denk Internet Solutions Plugin <= 5.1.0 is vulnerable to Cross Site Scripting (XSS) CVE-2025-64620 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79)