CVE-2025-6200 Information

Description

The GeoDirectory WordPress plugin before 2.8.120 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.

Reference

https://wpscan.com/vulnerability/27c35255-4963-4d93-85e7-9e7688e5eb2e/

Related CNNVD

CNNVD-202507-1620 (Published: 2025-07-11)