CVE-2025-14145
The CVE-2025-14145 affecting Niche Hero plugin for WordPress is a Stored XSS in the nh_row shortcode (spacing parameter). Affected versions up to 1.0.5; exploitation requires Contributor+ authentication. Patch released with version 1.0.5 (remediation: escape/sanitize input and proper output escap...