Easy Taxonomy Images <= 1.0.1 – Unauthenticated Stored Cross-Site Scripting | CVE 2025-53231 | Plugin Vulnerabilities

Description

The Easy Taxonomy Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Affects Plugins

easy-taxonomy-images

No known fix

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/c143afd2-020f-40de-9480-bf27f1c50327

Classification

Type

XSS

OWASP top 10

A7: Cross-Site Scripting (XSS)

CWE

CVSS

Miscellaneous

Original Researcher

Nguyen Xuan Chien

Verified

No

WPVDB ID

df23ab43-f5c4-401e-a1a2-7009b365bb0b

Timeline

Publicly Published

2025-06-18 (about 9 months ago)

Added

2026-02-26 (about 1 month ago)

Last Updated

2026-02-26 (about 1 month ago)

Other

Published

Title

Published

2023-01-11

Title

YouTube Channel < 3.23.0 - Contributor+ Stored XSS via Shortcode

Published

2015-08-26

Title

Navis DocumentCloud 0.1 - Unauthenticated Reflected Cross-Site Scripting (XSS)

Published

2021-11-15

Title

Display Post Metadata < 1.5.0 - Contributor+ Stored Cross-Site Scripting

Published

2014-08-01

Title

Responsive Logo Slideshow - URL & Image Field XSS

Published

2024-10-09

Title

Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress < 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via youzify_media Shortcode