CVE-2025-62043
Received Received - Intake
DOM-Based XSS in WPCasa Through Improper Input Neutralization

Publication date: 2026-03-19

Last updated on: 2026-03-19

Assigner: Patchstack

Description
Improper neutralization of input during web page generation ('cross-site scripting') vulnerability in WPSight WPCasa allows DOM-Based XSS.This issue affects WPCasa: from n/a through 1.4.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-19
Last Modified
2026-03-19
Generated
2026-06-16
AI Q&A
2026-03-19
EPSS Evaluated
2026-06-15
NVD
CVE-2025-62043
EUVD
EUVD-2025-208863
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wpcasa wpcasa From 1.0.0 (inc) to 1.4.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The CVE-2025-62043 vulnerability is a Cross Site Scripting (XSS) issue found in the WordPress WPCasa Plugin versions up to and including 1.4.1.

This vulnerability allows attackers to inject malicious scriptsβ€”such as redirects, advertisements, or other HTML payloadsβ€”into websites using the plugin, which execute when visitors access the affected site.

Exploitation requires a user with at least Contributor or Developer privileges to perform an action like clicking a malicious link, visiting a crafted page, or submitting a form, meaning user interaction is necessary for the attack to succeed.

The issue was patched in version 1.4.2 of the WPCasa plugin, and users are strongly advised to update to this version or later to mitigate the risk.

Impact Analysis

This vulnerability can allow attackers to execute malicious scripts on your website, which may lead to unwanted redirects, display of unauthorized advertisements, or other harmful HTML payloads.

Because the attack requires user interaction from someone with Contributor or Developer privileges, the risk is somewhat limited but still significant.

The CVSS score of 6.5 indicates a moderate severity level, meaning the impact can include partial compromise of confidentiality, integrity, and availability of the affected system.

Although mass exploitation campaigns are possible, the overall impact is considered low priority and unlikely to cause significant widespread damage.

Compliance Impact

I don't know

Detection Guidance

This vulnerability is a DOM-Based Cross Site Scripting (XSS) issue in the WPCasa WordPress plugin up to version 1.4.1. Detection typically involves identifying if the vulnerable plugin version is installed and if malicious scripts are being injected or executed.

Since exploitation requires user interaction with crafted pages or links, network detection might focus on monitoring for suspicious HTTP requests or unusual script injections related to WPCasa plugin pages.

Specific commands are not provided in the available resources. However, general detection steps could include:

  • Checking the installed version of the WPCasa plugin to see if it is version 1.4.1 or earlier.
  • Using web vulnerability scanners that can detect XSS vulnerabilities in WordPress plugins.
  • Monitoring web server logs for unusual query parameters or script payloads targeting WPCasa plugin endpoints.
Mitigation Strategies

The primary and immediate mitigation step is to update the WPCasa plugin to version 1.4.2 or later, where this vulnerability has been patched.

Additionally, consider the following steps:

  • Restrict user privileges to limit the ability of contributors or developers to perform actions that could trigger the vulnerability.
  • Use web application firewalls (WAFs) to block malicious scripts or suspicious requests targeting the plugin.
  • Apply automated updates if available to ensure rapid deployment of security patches.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-62043. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart