CVE-2025-9540 | THREATINT

Description

The Markup Markdown WordPress plugin before 3.20.10 allows links to contain JavaScript which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PUBLISHED Reserved 2025-08-27 | Published 2025-09-22 | Updated 2025-09-22 | Assigner WPScan

Problem types

CWE-79 Cross-Site Scripting (XSS)

Product status

Default status

unaffected

Any version before 3.20.10

affected

Credits

minseok Kim finder

WPScan coordinator

References

wpscan.com/...rability/79e606df-50a0-4639-b2d9-4a77111fd729/ exploit vdb-entry technical-description

cve.org (CVE-2025-9540)

nvd.nist.gov (CVE-2025-9540)

Download JSON