CVE-2025-1489
The WP-Appbox plugin for WordPress has a Stored Cross-Site Scripting (XSS) vulnerability in the appbox shortcode, affecting all versions up to 4.5.4 due to insufficient input sanitization and output escaping on user-supplied attributes. Exploitation requires authentication (Contributor+), enablin...