3 matches found
WordPress A/B Testing for WordPress plugin <= 1.18.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Chuck in WordPress Plugin A/B Testing for WordPress versions = 1.18.2...
CVE-2025-4587 A/B Testing for WordPress <= 1.18.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The A/B Testing for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ab-testing-for-wp/ab-test-block' block in all versions up to, and including, 1.18.2 due to insufficient input sanitization and output escaping on the 'id' parameter. This makes it...
CVE-2025-4587
CVE-2025-4587 concerns the WordPress plugin “A/B Testing for WordPress.” The vulnerability is a stored cross-site scripting flaw in the block at path ab-testing-for-wp/ab-test-block, present in all versions up to and including 1.18.2, caused by insufficient input sanitization and output escaping ...