cleantalk
Vulnerabilities and Security Researches

WP Image Mask, CVE-2025-48235

CVE, Research URL

CVE-2025-48235

Home page URL

Security reports for WP Image Mask

Application

WP Image Mask

Published on
May 19, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bogdan Bendziukov WP Image Mask allows DOM-Based XSS. This issue affects WP Image Mask: from n/a through 3.1.2.
Affected versions
Min -, max 3.1.3.
Status
vulnerable
Previous vulnerability researches
Product Code for WooCommerce (CVE-2023-51669) , Jun 07, 2024
Product Code for WooCommerce (CVE-2025-48264) , May 22, 2025
New vulnerability
Bot for Telegram on WooCommerce (CVE-2025-48268) , May 24, 2025
WP Image Mask (CVE-2025-48235) , May 23, 2025
TablePress – Tables in WordPress made easy (CVE-2025-5096) , May 23, 2025
Raisely Donation Form (CVE-2025-3781) , May 23, 2025
Simplelightbox (CVE-2024-5878) , May 23, 2025