WordPress plugin Omnipress 代码问题漏洞

🗓️ 05 Dec 2025 00:00:00Reported by China National Vulnerability Database of Information SecurityType

cnnvd

cnnvd🔗 www.cnnvd.org.cn👁 7 Views

Stored XSS in WordPress Omnipress plugin up to 1.6.3 due to input cleanup and escaping issues.

Reporter	Title	Published	Views	Family All 12
GithubExploit	Exploit for CVE-2025-12163	15 Dec 202521:45	–	githubexploit
Circl	CVE-2025-12163	5 Dec 202512:56	–	circl
CVE	CVE-2025-12163	5 Dec 202505:31	–	cve
Cvelist	CVE-2025-12163 Omnipress <= 1.6.5 - Authenticated (Author+) Stored Cross-Site Scripting	5 Dec 202505:31	–	cvelist
EUVD	EUVD-2025-201382	5 Dec 202505:31	–	euvd
NVD	CVE-2025-12163	5 Dec 202506:16	–	nvd
Packet Storm	📄 WordPress Omnipress 1.6.3 Cross Site Scripting	16 Dec 202500:00	–	packetstorm
Patchstack	WordPress Omnipress plugin <= 1.6.5 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability	31 Dec 202500:00	–	patchstack
Positive Technologies	PT-2025-49204	5 Dec 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-12163	6 Dec 202505:54	–	redhatcve

Source	Link
cwe	www.cwe.mitre.org/data/definitions/434.html
owasp	www.owasp.org/www-community/vulnerabilities/Unrestricted_File_Upload
plugins	www.plugins.trac.wordpress.org/browser/omnipress/tags/1.6.3/includes/Core/RestControllersBase.php
plugins	www.plugins.trac.wordpress.org/browser/omnipress/tags/1.6.3/includes/RestApi/Controllers/V1/FileUploadRestController.php
plugins	www.plugins.trac.wordpress.org/browser/omnipress/tags/1.6.3/includes/uploader/FileUploader.php
plugins	www.plugins.trac.wordpress.org/browser/omnipress/tags/1.6.3/includes/uploader/FileUploader.php
wordfence	www.wordfence.com/threat-intel/vulnerabilities/id/15aabe3b-1b77-4e4e-9710-cf06924dbcbf

28 May 2026 00:00Current

5.9Medium risk

Vulners AI Score5.9

CVSS 3.16.4

EPSS0.00013

SSVC

WordPress Omnipress cross site scripting version 1.6.3 input cleanup escaping