CVE-2025-14797 | Same Category Posts Plugin up to 1.1.19 on WordPress Widget Title Placeholder htmlspecialchars_decode cross site scripting

Inserito da Angelo Barbosa | Gen 24, 2026 | CVE

A vulnerability was found in Same Category Posts Plugin up to 1.1.19 on WordPress. It has been declared as problematic. This affects the function htmlspecialchars_decode of the component Widget Title Placeholder. Such manipulation leads to cross site scripting.

This vulnerability is referenced as CVE-2025-14797. It is possible to launch the attack remotely. No exploit is available.

CVE-2025-14797 | Same Category Posts Plugin up to 1.1.19 on WordPress Widget Title Placeholder htmlspecialchars_decode cross site scripting

Post correlati

CVE-2024-34274 | OpenBD 20210306203917-6cbe797 Cookie bdglobals/bdclient_spot deserialization (Issue 89)

CVE-2024-8235 | Red Hat Enterprise Linux 6/7/8/9 libvirt null pointer dereference

CVE-2024-37363 | Hitachi Vantara Pentaho Data Integration & Analytics Data Source Management Service authorization

CVE-2024-0324 | User Profile Builder Plugin up to 3.10.8 on WordPress Setting wppb_two_factor_authentication_settings_update authorization