PatchSiren cyber security CVE debrief
CVE-2025-15658 rewish CVE debrief
CVE-2025-15658 is a medium-severity vulnerability in the WP Emmet plugin, versions <= 0.3.4. It is an administrator-level cross-site scripting (XSS) issue. The Common Vulnerability Scoring System (CVSS) score is 5.9 (medium), and the CVSS vector is CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:L.
- Vendor: rewish
- Product: WP Emmet
- CVSS: MEDIUM 5.9
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-15
- Original CVE updated: 2026-06-15
- Advisory published: 2026-06-15
- Advisory updated: 2026-06-15
Who should care
Administrators and users of the WP Emmet plugin, versions <= 0.3.4, should be aware of this vulnerability and take the necessary actions to mitigate it.
Technical summary
The vulnerability is caused by a lack of proper input validation and sanitization in the WP Emmet plugin. This allows an administrator to inject malicious JavaScript code, potentially leading to unauthorized actions or data breaches.
Defensive priority
Medium
Recommended defensive actions
- Update the WP Emmet plugin to a version greater than 0.3.4.
- Implement additional security measures, such as a Content Security Policy (CSP), to prevent XSS attacks.
Evidence notes
The vulnerability was reported by [email protected] and is documented in the CVE record and NVD detail pages.
Official resources
- CVE-2025-15658 CVE record (CVE.org)
- CVE-2025-15658 NVD detail (NVD)
- Source item URL (nvd_modified)
- Mitigation or vendor reference
CVE-2025-15658 was published on 2026-06-15T16:16:31.880Z and has not been modified since then.