CVE-2025-1453

{"id": "CVE-2025-1453", "cveTags": [], "metrics": {}, "published": "2025-04-24T06:15:43.957", "references": [{"url": "https://wpscan.com/vulnerability/6bf93a34-a19f-4266-a95d-033551db43e6/", "source": "contact@wpscan.com"}], "vulnStatus": "Received", "descriptions": [{"lang": "en", "value": "The Category Posts Widget WordPress plugin before 4.9.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)."}], "lastModified": "2025-04-24T06:15:43.957", "sourceIdentifier": "contact@wpscan.com"}