WordPress Category Icon Plugin XML External Entity (XXE) Vulnerability

Vulnerability

A vulnerability allowing XML External Entity (XXE) injection has been identified in the WordPress Category Icon plugin, affecting versions through 1.0.2. The root cause is improper restriction of XML external entity references: an XML document supplied to the plugin can declare and reference external entities, which could be used to resolve external entities and inject arbitrary XML.

Impact

Exploitation of this vulnerability could lead to external entity resolution, allowing the injection of arbitrary XML. Depending on what the entity resolves to, this could cause the website to leak sensitive information, experience a denial of service, or suffer from server-side request forgery.
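The root cause named above is an XML parser that substitutes entities from untrusted input. The PHP block below is an added example written for this page, not code from the Category Icon plugin; it shows the parser configuration that makes an XXE possible next to a hardened version a WordPress plugin could use. The function names, the sample documents and the placeholder SYSTEM path are constructed for the illustration.

```php
<?php
// Added example, not code from the Category Icon plugin. Function names and
// sample inputs below are assumptions made for this illustration.

// Constructed sample: an XML document that declares an external entity and
// references it. A parser that substitutes external entities would try to
// resolve the SYSTEM identifier, which is exactly what must not happen with
// untrusted input. The path is a placeholder, not a real target.
const SAMPLE_WITH_DTD = <<<'XML'
<?xml version="1.0"?>
<!DOCTYPE icon [ <!ENTITY ext SYSTEM "file:///placeholder/not-a-real-path"> ]>
<icon><name>&ext;</name></icon>
XML;

// Constructed sample: the kind of document the plugin legitimately expects.
const SAMPLE_PLAIN = '<?xml version="1.0"?><icon><name>star</name></icon>';

/**
 * Vulnerable pattern (what an XXE-prone parser looks like): LIBXML_NOENT asks
 * libxml to substitute entities and LIBXML_DTDLOAD lets it load the external
 * DTD subset. With attacker-controlled XML this is the root cause of XXE.
 */
function parse_icon_unsafe(string $xml): ?DOMDocument
{
    $prev = libxml_use_internal_errors(true);
    $dom  = new DOMDocument();
    $ok   = $dom->loadXML($xml, LIBXML_NOENT | LIBXML_DTDLOAD);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    return $ok ? $dom : null;
}

/**
 * Hardened pattern:
 *  1. Refuse any document that carries a DOCTYPE or ENTITY declaration at all.
 *     Icon data never needs a DTD, and no DTD means no entity declarations.
 *  2. Parse with LIBXML_NONET so libxml cannot reach the network, and WITHOUT
 *     LIBXML_NOENT / LIBXML_DTDLOAD, so entities are never substituted.
 */
function parse_icon_safe(string $xml): ?DOMDocument
{
    if (stripos($xml, '<!DOCTYPE') !== false || stripos($xml, '<!ENTITY') !== false) {
        return null; // reject outright instead of trying to sanitise
    }
    $prev = libxml_use_internal_errors(true);
    $dom  = new DOMDocument();
    $ok   = $dom->loadXML($xml, LIBXML_NONET);
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    return $ok ? $dom : null;
}

/** Extracts the icon name from a parsed document, or null if absent. */
function icon_name(?DOMDocument $dom): ?string
{
    if ($dom === null) {
        return null;
    }
    $node = $dom->getElementsByTagName('name')->item(0);
    return $node === null ? null : $node->textContent;
}

// Demonstration when run from the command line: the DTD-bearing document is
// rejected by the hardened parser, the plain document is accepted.
if (PHP_SAPI === 'cli') {
    var_dump(parse_icon_safe(SAMPLE_WITH_DTD) === null);
    var_dump(icon_name(parse_icon_safe(SAMPLE_PLAIN)));
}
```

Rejecting the DOCTYPE up front is the simplest defence because it removes the whole entity mechanism rather than relying on parser flags being set correctly in every code path; the flag choices in `parse_icon_safe` are a second layer in case a DTD slips through.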

Added: Jun 9, 2025, 4:58 PM
Updated: Jun 9, 2025, 4:58 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 5.0
exploitability: 5.2
remediation: 0.0
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to produce these 8 vulnerability categories, which are then combined into the overall risk score.