CVE-2025-14128 Stumble! for WordPress <= 1.1.1 - Reflected Cross-Site Scripting via $_SERVER['PHP_SELF']

The Stumble! for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $SERVER'PHPSELF' variable in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject...

CVE-2025-14128

CVE-2025-14128 concerns the WordPress plugin Stumble! for WordPress . The vulnerability is a Reflected Cross-Site Scripting (XSS) flaw via the PHP_SELF variable exposed by the plugin in all versions up to 1.1.1. According to Wordfence’s weekly report, this flaw allows unauthenticated attackers to...