3 matches found
CVE-2025-11876
The Mailgun Subscriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mailgunsubscriptionform' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...
CVE-2025-11876 Mailgun Subscriptions <= 1.3.1 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Mailgun Subscriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mailgunsubscriptionform' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possib...
CVE-2025-11876
CVE-2025-11876 concerns the WordPress plugin Mailgun Subscriptions (up to version 1.3.1). The issue is a Stored Cross-Site Scripting (XSS) vulnerability in the plugin’s shortcodes, specifically the mailgun_subscription_form attribute handling, caused by insufficient input sanitization and output ...