CVE-2025-11737 | VK All in One Expansion Unit Plugin up to 9.112.3 on WordPress SNS Title vkExUnit_sns_title cross site scripting

Inserito da Angelo Barbosa | Feb 17, 2026 | CVE

A vulnerability, which was classified as problematic, was found in VK All in One Expansion Unit Plugin up to 9.112.3 on WordPress. This affects an unknown part of the component SNS Title Handler. Executing a manipulation of the argument vkExUnit_sns_title can lead to cross site scripting.

This vulnerability appears as CVE-2025-11737. The attack may be performed from remote. There is no available exploit.

CVE-2025-11737 | VK All in One Expansion Unit Plugin up to 9.112.3 on WordPress SNS Title vkExUnit_sns_title cross site scripting

Post correlati

CVE-2024-52945 | Veritas NetBackup up to 10.4 on Windows untrusted search path

CVE-2024-24695 | Zoom Desktop Client/VDI Client/Meeting SDK on Windows information disclosure

CVE-2025-70656 | Tenda AX1806 1.0.0.1 sub_65B5C mac stack-based overflow

CVE-2024-51032 | SourceCodester Toll Tax Management System 1.0 manage_recipient.php owner cross site scripting