{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-32520", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-04-09T11:19:35.668Z", "datePublished": "2025-04-17T15:47:43.138Z", "dateUpdated": "2026-04-01T15:51:00.423Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "wp-condition", "product": "WordPress Health and Server Condition \u2013 Integrated with Google Page Speed", "vendor": "M. Ali Saleem", "versions": [{"lessThanOrEqual": "4.1.1", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Mika | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:38:43.638Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M. Ali Saleem WordPress Health and Server Condition \u2013 Integrated with Google Page Speed wp-condition allows Reflected XSS.<p>This issue affects WordPress Health and Server Condition \u2013 Integrated with Google Page Speed: from n/a through <= 4.1.1.</p>"}], "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M. Ali Saleem WordPress Health and Server Condition \u2013 Integrated with Google Page Speed wp-condition allows Reflected XSS.This issue affects WordPress Health and Server Condition \u2013 Integrated with Google Page Speed: from n/a through <= 4.1.1."}], "impacts": [{"capecId": "CAPEC-591", "descriptions": [{"lang": "en", "value": "Reflected XSS"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-01T15:51:00.423Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/wp-condition/vulnerability/wordpress-wordpress-health-and-server-condition-plugin-4-1-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"}], "title": "WordPress WordPress Health and Server Condition plugin <= 4.1.1 - Reflected Cross Site Scripting (XSS) vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-17T18:05:39.020834Z", "id": "CVE-2025-32520", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-17T18:25:13.839Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-32520", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-04-09T11:19:35.668Z", "datePublished": "2025-04-17T15:47:43.138Z", "dateUpdated": "2025-04-17T18:25:13.839Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2025-04-17T15:47:43.138Z"}, "title": "WordPress WordPress Health and Server Condition plugin <= 4.1.1 - Reflected Cross Site Scripting (XSS) vulnerability", "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "impacts": [{"capecId": "CAPEC-591", "descriptions": [{"lang": "en", "value": "CAPEC-591 Reflected XSS"}]}], "affected": [{"vendor": "M. Ali Saleem", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "wp-condition", "product": "WordPress Health and Server Condition \u2013 Integrated with Google Page Speed", "versions": [{"lessThanOrEqual": "4.1.1", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M. Ali Saleem WordPress Health and Server Condition \u2013 Integrated with Google Page Speed allows Reflected XSS. This issue affects WordPress Health and Server Condition \u2013 Integrated with Google Page Speed: from n/a through 4.1.1.", "supportingMedia": [{"type": "text/html", "base64": false, "value": "<p>Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M. Ali Saleem WordPress Health and Server Condition \u2013 Integrated with Google Page Speed allows Reflected XSS.</p><p>This issue affects WordPress Health and Server Condition \u2013 Integrated with Google Page Speed: from n/a through 4.1.1.</p>"}]}], "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/wordpress/plugin/wp-condition/vulnerability/wordpress-wordpress-health-and-server-condition-plugin-4-1-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"}], "metrics": [{"format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}], "cvssV3_1": {"baseScore": 7.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "baseSeverity": "HIGH", "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "version": "3.1"}}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Mika (Patchstack Alliance)"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-32520", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-17T18:05:39.020834Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-17T18:05:40.928Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M. Ali Saleem WordPress Health and Server Condition \u2013 Integrated with Google Page Speed wp-condition allows Reflected XSS.This issue affects WordPress Health and Server Condition \u2013 Integrated with Google Page Speed: from n/a through <= 4.1.1."}, {"lang": "es", "value": "Vulnerabilidad de neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('Cross-site Scripting') en M. Ali Saleem WordPress Health and Server Condition \u2013 Integrated with Google Page Speed permite XSS reflejado. Este problema afecta a WordPress Health and Server Condition \u2013 Integrated with Google Page Speed: desde n/d hasta la versi\u00f3n 4.1.1."}], "id": "CVE-2025-32520", "lastModified": "2026-04-01T17:22:28.930", "metrics": {}, "published": "2025-04-17T16:15:40.960", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/wp-condition/vulnerability/wordpress-wordpress-health-and-server-condition-plugin-4-1-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{}