{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-24810", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "state": "PUBLISHED", "assignerShortName": "jpcert", "dateReserved": "2025-01-24T05:18:38.886Z", "datePublished": "2025-01-28T04:36:53.852Z", "dateUpdated": "2025-01-28T14:59:09.996Z"}, "containers": {"cna": {"affected": [{"vendor": "Rahe", "product": "Simple Image Sizes", "versions": [{"version": "3.2.3 and earlier", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting vulnerability exists in Simple Image Sizes 3.2.3 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege and accessing the settings screen."}], "problemTypes": [{"descriptions": [{"description": "Cross-site scripting (XSS)", "lang": "en-US", "cweId": "CWE-79", "type": "CWE"}]}], "references": [{"url": "https://wordpress.org/plugins/simple-image-sizes/#developers"}, {"url": "https://jvn.jp/en/jp/JVN88046370/"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en-US", "value": "GENERAL"}], "cvssV3_0": {"version": "3.0", "baseSeverity": "MEDIUM", "baseScore": 4.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"}}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2025-01-28T04:36:53.852Z"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-01-28T14:59:00.362003Z", "id": "CVE-2025-24810", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-28T14:59:09.996Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-24810", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-01-28T14:59:00.362003Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-28T14:59:05.803Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_0": {"version": "3.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N"}, "scenarios": [{"lang": "en-US", "value": "GENERAL"}]}], "affected": [{"vendor": "Rahe", "product": "Simple Image Sizes", "versions": [{"status": "affected", "version": "3.2.3 and earlier"}]}], "references": [{"url": "https://wordpress.org/plugins/simple-image-sizes/#developers"}, {"url": "https://jvn.jp/en/jp/JVN88046370/"}], "descriptions": [{"lang": "en", "value": "Cross-site scripting vulnerability exists in Simple Image Sizes 3.2.3 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege and accessing the settings screen."}], "problemTypes": [{"descriptions": [{"lang": "en-US", "type": "CWE", "cweId": "CWE-79", "description": "Cross-site scripting (XSS)"}]}], "providerMetadata": {"orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert", "dateUpdated": "2025-01-28T04:36:53.852Z"}}}, "cveMetadata": {"cveId": "CVE-2025-24810", "state": "PUBLISHED", "dateUpdated": "2025-01-28T14:59:09.996Z", "dateReserved": "2025-01-24T05:18:38.886Z", "assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "datePublished": "2025-01-28T04:36:53.852Z", "assignerShortName": "jpcert"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting vulnerability exists in Simple Image Sizes 3.2.3 and earlier. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is logging in to the product with the administrative privilege and accessing the settings screen."}, {"lang": "es", "value": "Existe una vulnerabilidad de Cross-site scripting en Simple Image Sizes 3.2.3 y versiones anteriores. Si se aprovecha esta vulnerabilidad, se puede ejecutar una script arbitraria en el navegador web del usuario que inicia sesi\u00f3n en el producto con privilegios administrativos y accede a la pantalla de configuraci\u00f3n."}], "id": "CVE-2025-24810", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N", "version": "3.0"}, "exploitabilityScore": 1.7, "impactScore": 2.7, "source": "[email protected]", "type": "Secondary"}]}, "published": "2025-01-28T05:15:11.413", "references": [{"source": "[email protected]", "url": "https://jvn.jp/en/jp/JVN88046370/"}, {"source": "[email protected]", "url": "https://wordpress.org/plugins/simple-image-sizes/#developers"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "[email protected]", "type": "Secondary"}]}

{}