3 matches found
CVE-2025-11867
The Bg Book Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the bookauthor post meta, rendered through the bookauthor shortcode, in all versions up to, and including, 1.25. This is due to the plugin not properly escaping the meta value before output. This makes it...
CVE-2025-11867 Bg Book Publisher <= 1.25 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Bg Book Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the bookauthor post meta, rendered through the bookauthor shortcode, in all versions up to, and including, 1.25. This is due to the plugin not properly escaping the meta value before output. This makes it...
CVE-2025-11867
CVE-2025-11867 corresponds to Bg Book Publisher for WordPress. The WordPress plugin is vulnerable to a Stored Cross-Site Scripting (XSS) via the post meta field book_author, which is rendered through the [book_author] shortcode. Affected versions are all versions up to and including 1.25. The vul...