CVE 5.3 MEDIUM

WordPress Norebro Extra plugin <= 1.6.8 - Content Injection vulnerability_CVE-2025-64633

December 16, 2025 invoker category_cve
5.3 / 10
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Description

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in colabrio Norebro Extra norebro-extra allows Code Injection.This issue affects Norebro Extra: from n/a through <= 1.6.8.

Basic Information

ID CVE-2025-64633
Source Patchstack
Published Dec 16, 2025 at 08:12
Modified Dec 16, 2025 at 17:18

Affected Product

Vendor colabrio
Product Norebro Extra
Version n/a
Affected Versions colabrio Norebro Extra n/a

CWE Classification

CWE-80

References

💭 Join the Security Discussion

🔒 Your email address will not be published. Required fields are marked *

⚠️ Please be respectful and constructive in your comments. Security discussions should remain professional.