CVE-2025-10139

CVE-2025-10139 concerns the WordPress plugin WP BookWidgets. According to Wordfence, it is vulnerable to a stored cross-site scripting (XSS) condition via the plugin’s bw_link shortcode in versions up to and including 0.9, caused by insufficient input sanitization and output escaping of user-supp...