CVE-2025-27361

🗓️ 27 Jun 2025 11:52:45Reported by PatchstackType

CVE-2025-27361 WordPress Photo Express plugin <= 0.3.2 has a Reflected XSS vulnerability

Reporter	Title	Published	Views	Family All 10
Circl	CVE-2025-27361	27 Jun 202513:50	–	circl
CNNVD	WordPress plugin Photo Express for Google 跨站脚本漏洞	27 Jun 202500:00	–	cnnvd
Cvelist	CVE-2025-27361 WordPress Photo Express for Google plugin <= 0.3.2 - Reflected Cross Site Scripting (XSS) vulnerability	27 Jun 202511:52	–	cvelist
EUVD	EUVD-2025-19264	3 Oct 202520:07	–	euvd
NVD	CVE-2025-27361	27 Jun 202512:15	–	nvd
Patchstack	WordPress Photo Express for Google plugin <= 0.3.2 - Reflected Cross Site Scripting (XSS) vulnerability	23 Jun 202512:25	–	patchstack
Positive Technologies	PT-2025-27085 · Unknown · Thhake Photo Express For Google	27 Jun 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-27361	29 Jun 202512:06	–	redhatcve
Vulnrichment	CVE-2025-27361 WordPress Photo Express for Google plugin <= 0.3.2 - Reflected Cross Site Scripting (XSS) vulnerability	27 Jun 202511:52	–	vulnrichment
Wordfence Blog	Wordfence Intelligence Weekly WordPress Vulnerability Report (June 23, 2025 to June 29, 2025)	3 Jul 202513:02	–	wordfence

Vulners

Node

thhake photo_express_for_googleRange≤0.3.2wordpress

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "photo-express-for-google",
    "product": "Photo Express for Google",
    "vendor": "thhake",
    "versions": [
      {
        "lessThanOrEqual": "0.3.2",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
patchstack	www.patchstack.com/database/Wordpress/Plugin/photo-express-for-google/vulnerability/wordpress-photo-express-for-google-plugin-0-3-2-reflected-cross-site-scripting-xss-vulnerability

28 Apr 2026 16:11Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.17.1

EPSS0.00185

SSVC

CWE-79

cve-2025-27361 wordpress plugin vulnerability reflected cross site scripting xss 0.3.2