5 matches found
CVE-2025-13739
The CryptX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cryptx shortcode in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, wi...
CVE-2025-13739 CryptX <= 4.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
The CryptX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cryptx shortcode in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, wi...
CVE-2025-13739 CryptX <= 4.0.5 - Authenticated (Contributor+) Stored Cross-Site Scripting
The CryptX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cryptx shortcode in all versions up to, and including, 4.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, wi...
CVE-2025-13739
CVE-2025-13739 (CryptX for WordPress) is a stored XSS in the CryptX plugin via the cryptx shortcode, affecting all versions up to 4.0.4. Exploitation requires authenticated access at contributor level or higher, enabling injection of scripts that execute when users load the injected page. Wordfen...
PT-2025-49239
The CryptX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cryptx shortcode in all versions up to, and including, 4.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, wi...