{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-50053", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-06-11T16:08:50.969Z", "datePublished": "2025-12-31T20:09:03.413Z", "dateUpdated": "2026-04-28T16:13:17.005Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "yournewsapp", "product": "Blappsta Mobile App Plugin \u2013 Your native, mobile iPhone App and Android App", "vendor": "nebelhorn", "versions": [{"lessThanOrEqual": "0.8.8.8", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Nguyen Xuan Chien | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:41:32.002Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nebelhorn Blappsta Mobile App Plugin \u2013 Your native, mobile iPhone App and Android App yournewsapp allows Reflected XSS.<p>This issue affects Blappsta Mobile App Plugin \u2013 Your native, mobile iPhone App and Android App: from n/a through <= 0.8.8.8.</p>"}], "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nebelhorn Blappsta Mobile App Plugin \u2013 Your native, mobile iPhone App and Android App yournewsapp allows Reflected XSS.This issue affects Blappsta Mobile App Plugin \u2013 Your native, mobile iPhone App and Android App: from n/a through <= 0.8.8.8."}], "impacts": [{"capecId": "CAPEC-591", "descriptions": [{"lang": "en", "value": "Reflected XSS"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:13:17.005Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/yournewsapp/vulnerability/wordpress-blappsta-mobile-app-plugin-your-native-mobile-iphone-app-and-android-app-plugin-0-8-8-8-cross-site-scripting-xss-vulnerability?_s_id=cve"}], "title": "WordPress Blappsta Mobile App Plugin \u2013 Your native, mobile iPhone App and Android App Plugin <= 0.8.8.8 - Cross Site Scripting (XSS) Vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-02T15:31:57.536413Z", "id": "CVE-2025-50053", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-02T15:32:05.760Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-50053", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-02T15:31:57.536413Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-02T15:32:02.627Z"}}], "cna": {"tags": ["x_open-source"], "title": "WordPress Blappsta Mobile App Plugin \u2013 Your native, mobile iPhone App and Android App Plugin <= 0.8.8.8 - Cross Site Scripting (XSS) Vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Nguyen Xuan Chien | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-591", "descriptions": [{"lang": "en", "value": "CAPEC-591 Reflected XSS"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "nebelhorn", "product": "Blappsta Mobile App Plugin &#8211; Your native, mobile iPhone App and Android App", "versions": [{"status": "affected", "version": "n/a", "versionType": "custom", "lessThanOrEqual": "0.8.8.8"}], "packageName": "yournewsapp", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "references": [{"url": "https://patchstack.com/database/wordpress/plugin/yournewsapp/vulnerability/wordpress-blappsta-mobile-app-plugin-your-native-mobile-iphone-app-and-android-app-plugin-0-8-8-8-cross-site-scripting-xss-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nebelhorn Blappsta Mobile App Plugin & Your native, mobile iPhone App and Android App allows Reflected XSS.This issue affects Blappsta Mobile App Plugin &#8211; Your native, mobile iPhone App and Android App: from n/a through 0.8.8.8.", "supportingMedia": [{"type": "text/html", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nebelhorn Blappsta Mobile App Plugin &amp; Your native, mobile iPhone App and Android App allows Reflected XSS.<p>This issue affects Blappsta Mobile App Plugin &amp;#8211; Your native, mobile iPhone App and Android App: from n/a through 0.8.8.8.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-79", "description": "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-01-20T14:28:08.302Z"}}}, "cveMetadata": {"cveId": "CVE-2025-50053", "state": "PUBLISHED", "dateUpdated": "2026-01-20T14:28:08.302Z", "dateReserved": "2025-06-11T16:08:50.969Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2025-12-31T20:09:03.413Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nebelhorn Blappsta Mobile App Plugin \u2013 Your native, mobile iPhone App and Android App yournewsapp allows Reflected XSS.This issue affects Blappsta Mobile App Plugin \u2013 Your native, mobile iPhone App and Android App: from n/a through <= 0.8.8.8."}, {"lang": "es", "value": "Neutralizaci\u00f3n incorrecta de la entrada durante la generaci\u00f3n de p\u00e1ginas web ('cross-site scripting') vulnerabilidad en el plugin de la aplicaci\u00f3n m\u00f3vil Blappsta de nebelhorn y su aplicaci\u00f3n nativa m\u00f3vil para iPhone y Android permite XSS reflejado. Este problema afecta al plugin de la aplicaci\u00f3n m\u00f3vil Blappsta \u2013 Su aplicaci\u00f3n nativa m\u00f3vil para iPhone y Android: desde n/d hasta 0.8.8.8."}], "id": "CVE-2025-50053", "lastModified": "2026-04-28T19:33:22.127", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.7, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2025-12-31T20:15:42.793", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/yournewsapp/vulnerability/wordpress-blappsta-mobile-app-plugin-your-native-mobile-iphone-app-and-android-app-plugin-0-8-8-8-cross-site-scripting-xss-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"created": "2026-01-05T10:15:19.452822+00:00", "updated": "2026-04-30T04:30:27.674995+00:00", "vendors": ["google", "google$PRODUCT$android", "nebelhorn", "nebelhorn$PRODUCT$blappsta_mobile_app_plugin", "wordpress", "wordpress$PRODUCT$wordpress"]}