cleantalk
Vulnerabilities and Security Researches

AAWP Obfuscator, CVE-2025-3432

CVE, Research URL

CVE-2025-3432

Home page URL

Security reports for AAWP Obfuscator

Application

AAWP Obfuscator

Published on
Apr 08, 2025
Research Description
The AAWP Obfuscator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data-aawp-web' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 1.0.
Status
vulnerable
Previous vulnerability researches
AB Google Map Travel (AB-MAP) (CVE-2025-31613) , Apr 03, 2025
AB Google Map Travel (AB-MAP) (CVE-2015-2755) , Jun 06, 2024
New vulnerability
Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages (CVE-2025-26992) , Apr 17, 2025
SKT Blocks – Gutenberg based Page Builder (CVE-2025-26998) , Apr 17, 2025
DN Shipping by Weight for WooCommerce (CVE-2025-32535) , Apr 17, 2025
Sign-up Sheets (CVE-2025-26996) , Apr 17, 2025
Cart66 Cloud :: WordPress Ecommerce The Easy Way (CVE-2025-32653) , Apr 17, 2025