CVE-2025-24534 WordPress DPortfolio plugin <= 2.0 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in dinamiko DPortfolio dportfolio allows Reflected XSS.This issue affects DPortfolio: from n/a through = 2.0...

CVE-2025-24534

CVE-2025-24534 is a Reflected XSS vulnerability affecting the WordPress DPortfolio plugin up to and including version 2.0. The issue arises from improper input neutralization during web page generation, enabling injected scripts to run in a user’s browser. The CVSSv3.1 metrics indicate a NETWORK ...