CVE-2025-14120
CVE-2025-14120 affects the URL Image Importer WordPress plugin and enables a Stored XSS via SVG uploads. Exploitation requires authenticated access at Author level or higher, affecting versions up to 1.0.7. Remediation: upgrade to version 1.0.7 (patched).