CVE-2025-24576: 
WordPress vulnerability analysis and mitigation

A Cross-Site Scripting (XSS) vulnerability has been identified in Fatcat Apps Landing Page Cat plugin through version 1.7.7, tracked as CVE-2025-24576. The vulnerability was discovered by LVT-tholv2k and publicly disclosed on December 17, 2024. This reflected XSS vulnerability affects WordPress installations using the Landing Page Cat plugin versions up to and including 1.7.7 (Patchstack).

The vulnerability is classified as a Cross-Site Scripting (XSS) issue, specifically of the reflected type. It has been assigned a CVSS v3.1 score of 7.1 (High), with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. The vulnerability is categorized under CWE-79: Improper Neutralization of Input During Web Page Generation (NVD).

If exploited, this vulnerability could allow attackers to inject malicious scripts into web pages, which would then be executed when visitors access the affected site. This could lead to the theft of user session data, redirection to malicious sites, or injection of unwanted content such as advertisements (Patchstack).

Users are advised to update to Landing Page Cat version 1.7.8 or later to resolve this vulnerability. The fix has been made available in version 1.7.8 which addresses the XSS issue (Patchstack).