CVE-2025-12965 | Magical Posts Display Plugin up to 1.2.54 on WordPress Magical Posts Accordion Widget mpac_title_tag cross site scripting

Inserito da Angelo Barbosa | Dic 12, 2025 | CVE

A vulnerability identified as problematic has been detected in Magical Posts Display Plugin up to 1.2.54 on WordPress. Affected by this vulnerability is an unknown functionality of the component Magical Posts Accordion Widget. The manipulation of the argument mpac_title_tag leads to cross site scripting.

This vulnerability is traded as CVE-2025-12965. It is possible to initiate the attack remotely. There is no exploit available.

CVE-2025-12965 | Magical Posts Display Plugin up to 1.2.54 on WordPress Magical Posts Accordion Widget mpac_title_tag cross site scripting

Post correlati

CVE-2025-21288 | Microsoft

CVE-2023-45774 | Google Android 11/12/12L/13/14 ShortcutService.java fixUpIncomingShortcutInfo information disclosure

CVE-2024-20121 | MediaTek MT8798 KeyInstall out-of-bounds write (MSV-1574 / ALPS08956986)

CVE-2024-22774 | Panoramic Digital Imaging Software 9.1.2.7600 ccsservice.exe Local Privilege Escalation