WordPress WP Easy Toggles plugin <= 1.9.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by zaim in WordPress Plugin WP Easy Toggles versions = 1.9.0...

CVE-2025-10190

WP Easy Toggles for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s toggles shortcode in versions up to and including 1.9.0. The root cause is insufficient input sanitization and output escaping on user-supplied attributes, allowing authenticated users with contributor-lev...