Vulnerabilities and security researches forfb2wp-integration-tools fb2wp-integration-tools

Nov 12, 2025

CVE, Research URL: CVE-2025-11857
Home page URL: Security reports for XX2WP Integration Tools
Application: XX2WP Integration Tools
Date: Oct 18, 2025
Research Description: The XX2WP Integration Tools plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mxp_fb2wp_display_embed' shortcode in all versions up to, and including, 1.9.9. This is due to the plugin not properly sanitizing user input and output of the 'post_id' parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 2.0.0.
Status: vulnerable