CVE-2025-13676

The JustClick registration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on the PHPSELF server variable. This makes it possible for unauthenticated attackers to...

CVE-2025-13676 JustClick registration plugin <= 0.1 - Reflected Cross-Site Scripting via PHP_SELF

The JustClick registration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on the PHPSELF server variable. This makes it possible for unauthenticated attackers to...

CVE-2025-13676

CVE-2025-13676 is a Reflected Cross-Site Scripting vulnerability in the WordPress plugin “JustClick registration plugin” (versions up to and including 0.1). The issue arises from insufficient input sanitization and output escaping on the PHP_SELF server variable, enabling unauthenticated attacker...

PT-2026-4567

The JustClick registration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on the PHP SELF server variable. This makes it possible for unauthenticated attackers to...