2 matches found
CVE-2025-8394
The CVE-2025-8394 entry describes a Stored Cross-Site Scripting vulnerability in the WordPress Productive Style plugin, affecting all versions up to and including 1.1.23. The issue arises from insufficient input sanitization and output escaping in the display_productive_breadcrumb shortcode, allo...
CVE-2025-8394 Productive Style <= 1.1.23 - Authenticated (Contributor+) Stored Cross-Site Scripting via display_productive_breadcrumb Shortcode
The Productive Style plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's displayproductivebreadcrumb shortcode in all versions up to, and including, 1.1.23 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...