cleantalk
Vulnerabilities and Security Researches

AAWP Obfuscator, CVE-2025-3432

CVE, Research URL

CVE-2025-3432

Home page URL

Security reports for AAWP Obfuscator

Application

AAWP Obfuscator

Published on
Apr 08, 2025
Research Description
The AAWP Obfuscator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data-aawp-web' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 1.0.
Status
vulnerable
Previous vulnerability researches
CK and SyntaxHighlighter (CVE-2024-54407) , Dec 18, 2024
SyntaxHighlighter Evolved (CVE-2025-30903) , Apr 02, 2025
SyntaxHighlighter Evolved (c494dc7f95d72cc819f6f0adec43f9ed8934a216) , Jun 07, 2024
New vulnerability
WP Tools Increase Maximum Limits, Repair, Server PHP Info, Javascript errors, File Permissions, Transients, Error Log (CVE-2025-39544) , Apr 17, 2025
Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages (CVE-2025-26992) , Apr 17, 2025
SKT Blocks – Gutenberg based Page Builder (CVE-2025-26998) , Apr 17, 2025
DN Shipping by Weight for WooCommerce (CVE-2025-32535) , Apr 17, 2025
Sign-up Sheets (CVE-2025-26996) , Apr 17, 2025