Vulnerabilities and security researches fordevformatter devformatter

Jun 15, 2025

CVE, Research URL: CVE-2025-5699
Home page URL: Security reports for Developer Formatter
Application: Developer Formatter
Date: Jun 06, 2025
Research Description: The Developer Formatter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom CSS in all versions up to, and including, 2015.0.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions: Min -, max -.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: 3a93deba191138b5f779f414e317ac0d57e86ec2
Home page URL: Security reports for Developer Formatter
Application: Developer Formatter
Date: May 15, 2015
Research Description: Developer Formatter [devformatter] < 2013.0.1.41 WordPress Developer Formatter Plugin <= 2013.0.1.40 - Cross Site Scripting This plugin is prone to a devformatter.php multiple field cross site scripting vulnerability. Update the plugin.
Affected versions: Min -, max -.
Status: vulnerable