CVE-2025-14767 | wpclever WPC Badge Management for WooCommerce Plugin up to 3.1.6 on WordPress Shortcode wpcbm_best_seller text cross site scripting

Inserito da Angelo Barbosa | Mag 13, 2026 | CVE

A vulnerability was found in wpclever WPC Badge Management for WooCommerce Plugin up to 3.1.6 on WordPress. It has been classified as problematic. The affected element is the function wpcbm_best_seller of the component Shortcode Handler. Performing a manipulation of the argument text results in cross site scripting.

This vulnerability is identified as CVE-2025-14767. The attack can be initiated remotely. There is not any exploit available.

CVE-2025-14767 | wpclever WPC Badge Management for WooCommerce Plugin up to 3.1.6 on WordPress Shortcode wpcbm_best_seller text cross site scripting

Post correlati

CVE-2026-32426 | themelexus Medilazar Core Plugin up to 1.4.7 on WordPress filename control

CVE-2023-51526 | Brett Shumaker Simple Staff List Plugin up to 2.2.4 on WordPress authorization

CVE-2024-0291 | Totolink LR1200GB 9.1.0u.6619_B20230130 /cgi-bin/cstecgi.cgi UploadFirmwareFile FileName command injection

CVE-2024-36856 | RMQTT Broker 0.4.0 TCP Packet denial of service