CVE-2025-13739 CryptX <= 4.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

The CryptX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cryptx shortcode in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, wi...

EUVD-2025-201401

The CryptX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cryptx shortcode in all versions up to, and including, 4.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, wi...

CVE-2025-13739

CVE-2025-13739 (CryptX for WordPress) is a stored XSS in the CryptX plugin via the cryptx shortcode, affecting all versions up to 4.0.4. Exploitation requires authenticated access at contributor level or higher, enabling injection of scripts that execute when users load the injected page. Wordfen...

PT-2025-49239

The CryptX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cryptx shortcode in all versions up to, and including, 4.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, wi...

WordPress CryptX plugin <= 4.0.5 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin CryptX versions = 4.0.5...