WordPress JustClick registration plugin plugin <= 0.1 - Reflected Cross-Site Scripting via PHP_SELF vulnerability

Reflected Cross-Site Scripting via PHPSELF vulnerability discovered by Abdulsamad Yusuf 0xVenus - Envorasec in WordPress Plugin JustClick registration plugin versions = 0.1...

CVE-2025-13676

The JustClick registration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 0.1. This is due to insufficient input sanitization and output escaping on the PHPSELF server variable. This makes it possible for unauthenticated attackers to...

WordPress plugin JustClick registration: cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...