CVE-2025-13860 Easy Jump Links Menus <= 1.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode Attributes

The Easy Jump Links Menus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the htags parameter in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...

CVE-2025-13860

CVE-2025-13860 (Easy Jump Links Menus, WordPress) Vulnerability: Stored Cross-Site Scripting via shortcode/HTML tag handling in the Easy Jump Links Menus plugin (versions up to 1.0.0). Root cause: insufficient input sanitization and output escaping for the h_tags/shortcode attributes, enabling pe...