EUVD-2025-200241

The Nexter Extension – Site Enhancements Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'nxt-year' shortcode in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2025-13731 Nexter Extension <= 4.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Nexter Extension – Site Enhancements Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'nxt-year' shortcode in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2025-13731

CVE-2025-13731 impacts the Nexter Extension – Site Enhancements Toolkit for WordPress. The issue is a Stored Cross-Site Scripting vulnerability in the nxt-year shortcode caused by insufficient input sanitization and output escaping, affecting versions up to 4.4.1. Exploitation requires authentica...

CVE-2025-13731 Nexter Extension <= 4.4.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The Nexter Extension – Site Enhancements Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'nxt-year' shortcode in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

PT-2025-48686

The Nexter Extension – Site Enhancements Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'nxt-year' shortcode in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...