CVE-2025-62899
WordPress Photospace Responsive plugin <= 2.2.0 - Cross Site Scripting (XSS) vulnerabilityImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in THRIVE - Web Design Gold Coast Photospace Responsive photospace-responsive allows Stored XSS.This issue affects Photospace Responsive: from n/a through <= 2.2.0.
We have discovered 440 live websites that are affected by CVE-2025-62899.
Affected Software
| Product |  Photospace Responsive |
| Category | Wordpress Plugins |
| Vulnerable Domains | 440 live websites (100% of Photospace Responsive install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 1 versions ( 100% of all versions) |
Details
- Published - Oct 27, 2025
- Updated - Nov 13, 2025
Credits
- Muhammad Yudha - DJ | Patchstack Bug Bounty Program (finder)
CVE References
Website Distribution by Country
Number of websites using CVE-2025-62899 United States | 113 websites |
 Japan | 115 websites |
 Germany | 30 websites |
 Netherlands | 18 websites |
 Italy | 18 websites |
 France | 18 websites |
 Canada | 15 websites |
 GB | 10 websites |
 Czech Republic | 10 websites |
Website Distribution by TLD
Number of websites using CVE-2025-62899| .com | 217 websites |
| .jp | 24 websites |
| .de | 19 websites |
| .org | 15 websites |
| .nl | 15 websites |
| .co.jp | 15 websites |
| .it | 11 websites |
| .net | 9 websites |
| .cz | 9 websites |
| .ca | 8 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-62899
Top websites that are affected by CVE-2025-62899. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***********.net | United States | ***,*** | |
| *****************.org | United States | ***,*** | |
| ******************.com |  Portugal | ***,*** | |
| ****.org | United States | ***,*** | |
| **********.jp | Japan | ***,*** | |
| **********.com | Japan | ***,*** | |
| *****.org | United States | *,***,*** | |
| *********.ru |  Russia | *,***,*** | |
| *********.com | United States | *,***,*** | |
| ****.*****.org | Japan | *,***,*** |
FAQ
A total of 440 websites have been identified as vulnerable to CVE-2025-62899, based on global website indexing conducted by WebTechSurvey.
The Photospace Responsive is affected by the CVE-2025-62899 vulnerability.
Photospace Responsive versions up to and including 2.2 are vulnerable to CVE-2025-62899.