CVE-2025-13308 | Application Passwords Plugin up to 0.1.3 on WordPress reject_url cross site scripting

Inserito da Angelo Barbosa | Dic 6, 2025 | CVE

A vulnerability identified as problematic has been detected in Application Passwords Plugin up to 0.1.3 on WordPress. This affects an unknown function. The manipulation of the argument reject_url leads to cross site scripting.

This vulnerability is referenced as CVE-2025-13308. Remote exploitation of the attack is possible. No exploit is available.

CVE-2025-13308 | Application Passwords Plugin up to 0.1.3 on WordPress reject_url cross site scripting

Post correlati

CVE-2025-5257 | Mautic up to 6.0.1/5.4.5/4.4.15 /page/preview/1 improper validation of specified quantity in input (GHSA-cqx4-9vqf-q3m8)

CVE-2024-9306 | WP Booking Calendar Plugin up to 10.6 on WordPress cross site scripting

CVE-2024-12628 | budiony bodi0s Easy cache Plugin up to 0.8 on WordPress cache-folder cross site scripting

CVE-2023-52351 | Unisoc S8000 Ril Service out-of-bounds write