CVE-2025-6063
The CVE CVE-2025-6063 affects the XiSearch bar WordPress plugin (versions up to and including 2.6). The root cause is missing/incorrect nonce validation on the xisearch-key-config page, enabling Cross-Site Request Forgery. This allows unauthenticated attackers to update plugin settings and inject...