cleantalk
Vulnerabilities and Security Researches

WP Image Mask, CVE-2025-48235

CVE, Research URL

CVE-2025-48235

Home page URL

Security reports for WP Image Mask

Application

WP Image Mask

Published on
May 19, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bogdan Bendziukov WP Image Mask allows DOM-Based XSS. This issue affects WP Image Mask: from n/a through 3.1.2.
Affected versions
Min -, max 3.1.3.
Status
vulnerable
Previous vulnerability researches
Bot for Telegram on WooCommerce (CVE-2024-9821) , Oct 14, 2024
Bot for Telegram on WooCommerce (CVE-2025-48268) , May 24, 2025
New vulnerability
Additional Custom Emails for WooCommerce (CVE-2025-48251) , May 24, 2025
WP SMTP (CVE-2025-1123) , May 24, 2025
Bot for Telegram on WooCommerce (CVE-2025-48268) , May 24, 2025
WP Image Mask (CVE-2025-48235) , May 23, 2025
TablePress – Tables in WordPress made easy (CVE-2025-5096) , May 23, 2025