CVE-2025-12964 – Magical Products Display

CVE ID : CVE-2025-12964

Published : Nov. 21, 2025, 10:15 a.m. | 1 hour ago

Description : The Magical Products Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mpdpr_title_tag’ and ‘mpdpr_subtitle_tag’ parameters in the MPD Pricing Table widget in all versions up to, and including, 1.1.29 due to insufficient input sanitization and output escaping on user-supplied HTML tag names. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2025-52622 – HCL BigFix SaaS Remediate is affected by a security vulnerability

CVE-2025-66399 – SNMP Command Injection leads to RCE in Cacti

CVE-2025-65105 – Apptainer ineffective application of selinux and apparmor –security options

CVE-2025-64750 – Singluarity ineffectively applies of selinux / apparmor LSM process labels