CVE-2025-52742: 
WordPress vulnerability analysis and mitigation

A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in the Igor Benic Pets WordPress plugin, tracked as CVE-2025-52742. The vulnerability affects all versions of the Pets plugin up to and including version 1.4.1. This security issue was discovered and disclosed on October 22, 2025 (NVD).

The vulnerability is classified as an Improper Neutralization of Input During Web Page Generation (CWE-79) issue that allows for Reflected Cross-Site Scripting attacks. The vulnerability has received a CVSS v3.1 base score of 7.1 (High) with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L. This indicates that the vulnerability is network-accessible, requires low attack complexity, needs no privileges, but does require user interaction (AttackerKB).

The vulnerability could allow attackers to execute malicious scripts in users' browsers in the context of the affected website. With a CVSS score of 7.1, the impact is rated as High, affecting confidentiality, integrity, and availability, each at a Low level, but with Changed scope indicating potential broader impact (NVD).

Users of the Igor Benic Pets WordPress plugin should upgrade to a version newer than 1.4.1 when available. As of the vulnerability disclosure, no official patch has been released (Patchstack).