CVE-2025-13892 | MG AdvancedOptions Plugin up to 1.2 on WordPress $_SERVER[‘PHP_SELF’] cross site scripting

Inserito da Angelo Barbosa | Gen 9, 2026 | CVE

A vulnerability marked as problematic has been reported in MG AdvancedOptions Plugin up to 1.2 on WordPress. This vulnerability affects unknown code. The manipulation of the argument $_SERVER[‘PHP_SELF’] leads to cross site scripting.

This vulnerability is documented as CVE-2025-13892. The attack can be initiated remotely. There is not any exploit available.

CVE-2025-13892 | MG AdvancedOptions Plugin up to 1.2 on WordPress $_SERVER[‘PHP_SELF’] cross site scripting

Post correlati

CVE-2024-25133 | Red Hat Openshift Hive Privilege Escalation

CVE-2024-13719 | peprodev PeproDev Ultimate Invoice Plugin up to 2.0.8 on WordPress authorization

CVE-2024-48255 | Cloudlog 2.6.15 Oqrs.php get_station_info station_id sql injection

CVE-2025-13130 | Radarr 5.28.0.10274 Service Radarr.Console.exe default permission