Vulnerabilities and security researches forskyword-plugin skyword-plugin

Jan 10, 2025

CVE, Research URL: CVE-2024-11907
Home page URL: Security reports for Skyword API Plugin
Application: Skyword API Plugin
Date: Jan 09, 2025
Research Description: The Skyword API Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'skyword_iframe' shortcode in all versions up to, and including, 2.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: max 2.5.3.
Status: vulnerable

Apr 25, 2026

CVE, Research URL: CVE-2025-58703
Home page URL: Security reports for Skyword API Plugin
Application: Skyword API Plugin
Date: Sep 23, 2025
Research Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in skyword Skyword API Plugin skyword-plugin allows Stored XSS.This issue affects Skyword API Plugin: from n/a through <= 2.5.3.
Affected versions: max 2.5.3.
Status: vulnerable