CVE-2025-13895 | Top Position Google Finance Plugin up to 0.1.0 on WordPress $_SERVER[‘PHP_SELF’] cross site scripting

Inserito da Angelo Barbosa | Gen 9, 2026 | CVE

A vulnerability classified as problematic has been found in Top Position Google Finance Plugin up to 0.1.0 on WordPress. Impacted is an unknown function. This manipulation of the argument $_SERVER[‘PHP_SELF’] causes cross site scripting.

This vulnerability appears as CVE-2025-13895. The attack may be initiated remotely. There is no available exploit.

CVE-2025-13895 | Top Position Google Finance Plugin up to 0.1.0 on WordPress $_SERVER[‘PHP_SELF’] cross site scripting

Post correlati

CVE-2024-48866 | QNAP QTS/QuTS hero URL url encoding (qsa-24-49)

CVE-2024-41753 | IBM Cloud Pak for Business Automation up to 24.0.0 IF004/24.0.1 IF001 Web UI cross site scripting

CVE-2024-5344 | Plus Addons for Elementor Page Builder Plugin up to 5.5.6 on WordPress WP Login/Register Widget cross site scripting

CVE-2024-22037 | SUSE Manager Server prior 0.1.26-150500.3.12.2 Environment Variable database_password exposure of sensitive system information to an unauthorized control sphere