EUVD-2021-11943

🗓️ 07 Oct 2025 00:30:54Reported by EUVDType

WordPress plugin before 9.7.1 allows Reflected Cross-Site Scripting via unescaped effects parameter

Reporter	Title	Published	Views	Family All 11
Circl	CVE-2021-25031	24 Jan 202212:17	–	circl
CNNVD	WordPress plugin 跨站脚本漏洞	24 Jan 202200:00	–	cnnvd
CVE	CVE-2021-25031	24 Jan 202208:01	–	cve
Cvelist	CVE-2021-25031 Image Hover Effects Ultimate < 9.7.1 - Reflected Cross-Site Scripting	24 Jan 202208:01	–	cvelist
NVD	CVE-2021-25031	24 Jan 202208:15	–	nvd
OSV	CVE-2021-25031	24 Jan 202208:15	–	osv
Patchstack	WordPress Image Hover Effects Ultimate plugin <= 9.7.0 - Reflected Cross-Site Scripting (XSS) vulnerability	27 Dec 202100:00	–	patchstack
Prion	Cross site scripting	24 Jan 202208:15	–	prion
RedhatCVE	CVE-2021-25031	22 May 202521:36	–	redhatcve
wpexploit	Image Hover Effects Ultimate < 9.7.1 - Reflected Cross-Site Scripting	27 Dec 202100:00	–	wpexploit

[
  {
    "enisaIdVendor": [
      {
        "id": "223baeef-2065-3ad1-8f7f-a52e12d32ab4",
        "vendor": {
          "name": "Unknown"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "da19f562-d6c7-3b58-b9e3-f3c776f3dbd1",
        "product": {
          "name": "Image Hover Effects Ultimate (Image Gallery, Effects, Lightbox, Comparison or Magnifier)"
        },
        "product_version": "9.7.1 <9.7.1"
      }
    ]
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/1fbcf5ec-498e-4d40-8577-84b8c7ac3201
plugins	www.plugins.trac.wordpress.org/changeset/2648086
github	www.github.com/advisories/GHSA-293c-r3p4-g63r

07 Oct 2025 00:30Current

6.3Medium risk

Vulners AI Score6.3

CVSS 3.16.1

CVSS 24.3

EPSS0.0021