CVE-2025-10192 WP Photo Effects <= 1.2.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The WP Photo Effects plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wppeeffect' shortcode in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticat...

PT-2025-40468

Name of the Vulnerable Software and Affected Versions WP Photo Effects plugin for WordPress versions prior to 1.2.5 Description The WP Photo Effects plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'wppe effect' shortcode. This is due to inadequate input sanitization...