CVE-2025-13893 | Lesson Plan Book Plugin up to 1.3 on WordPress $_SERVER[‘PHP_SELF’] cross site scripting

Inserito da Angelo Barbosa | Gen 9, 2026 | CVE

A vulnerability labeled as problematic has been found in Lesson Plan Book Plugin up to 1.3 on WordPress. This affects an unknown part. Executing a manipulation of the argument $_SERVER[‘PHP_SELF’] can lead to cross site scripting.

This vulnerability is registered as CVE-2025-13893. It is possible to launch the attack remotely. No exploit is available.

CVE-2025-13893 | Lesson Plan Book Plugin up to 1.3 on WordPress $_SERVER[‘PHP_SELF’] cross site scripting

Post correlati

CVE-2022-28658 | Canonical Apport up to 2.20.x Argument Parser unknown vulnerability (USN-5427-1)

CVE-2024-10324 | rometheme RomethemeKit for Elementor Plugin up to 1.5.2 on WordPress Template Data offcanvas-rometheme.php register_controls exposure of sensitive information through metadata

CVE-2025-49518 | Moodle Web Service resource injection

CVE-2024-9588 | Category and Taxonomy Meta Fields Plugin up to 1.0.0 on WordPress cross-site request forgery