Home

Description

The Markup Markdown WordPress plugin before 3.20.10 allows links to contain JavaScript which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

PUBLISHED Reserved 2025-08-27 | Published 2025-09-22 | Updated 2025-09-22 | Assigner WPScan

Problem types

CWE-79 Cross-Site Scripting (XSS)

Product status

Default status
unaffected

Any version before 3.20.10
affected

Credits

Bob Matyas finder

WPScan coordinator

References

wpscan.com/...rability/3828b320-9f7b-4a2a-a6b0-200b023d602c/ exploit vdb-entry technical-description

cve.org (CVE-2025-9541)

nvd.nist.gov (CVE-2025-9541)

Download JSON