CVE-2025-3858
CVE-2025-3858 affects the WordPress plugin Formality (versions up to 1.5.8). It is a Stored Cross‑Site Scripting (XSS) via the align parameter caused by insufficient input sanitization and output escaping. Exploitation requires Contributor+ authentication , and an attacker can inject scripts that...