Wiz
Vulnerability DatabaseCVE-2025-28880

CVE-2025-28880
WordPress vulnerability analysis and mitigation

Overview

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability exists in Blue Captcha plugin through version 1.7.4. The vulnerability allows Reflected XSS attacks and was discovered in March 2025 (NVD, Patchstack).

Technical details

The vulnerability is classified as CWE-79 (Improper Neutralization of Input During Web Page Generation) with a CVSS v3.1 Base Score of 7.1 HIGH (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L). The vulnerability allows for Reflected Cross-Site Scripting attacks due to insufficient input validation (NVD).

Impact

The vulnerability can lead to unauthorized disclosure of confidential information, manipulation of web content, and potential execution of malicious scripts in users' browsers. The CVSS scoring indicates low impacts on confidentiality, integrity, and availability, but the overall severity is high due to the scope being changed (Patchstack).

Mitigation and workarounds

Users should upgrade Blue Captcha to a version newer than 1.7.4 when available. Until then, website administrators should implement additional security controls such as Web Application Firewalls (WAF) to help mitigate potential XSS attacks (NVD).

Additional resources

SourceThis report was generated using AI

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues

Cloud threat landscape

Cloud threat landscape

A comprehensive threat intelligence database of cloud security incidents, actors, tools and techniques

PEACH

PEACH

A step-by-step framework for modeling and improving SaaS and PaaS tenant isolation

Get a personalized demo

Ready to see Wiz in action?

“Best User Experience I have ever seen, provides full visibility to cloud workloads.”
David EstlickCISO
“Wiz provides a single pane of glass to see what is going on in our cloud environments.”
Adam FletcherChief Security Officer
“We know that if Wiz identifies something as critical, it actually is.”
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo