cleantalk
Vulnerabilities and Security Researches

Optio Dentistry, CVE-2025-9853

CVE, Research URL

CVE-2025-9853

Home page URL

Security reports for Optio Dentistry

Application

Optio Dentistry

Published on
Sep 06, 2025
Research Description
The Optio Dentistry plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'optio-lightbox' shortcode in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 2.3.
Status
vulnerable
Previous vulnerability researches
Community Lite Video Chat (12108f2d6b7cdd384ce360bc60e3cf6c2dcb247d) , Jun 06, 2024
Community Lite Video Chat (CVE-2024-49605) , Oct 22, 2024
New vulnerability
Pixeline's Email Protector (CVE-2025-58982) , Sep 11, 2025
Include Me (CVE-2025-58983) , Sep 11, 2025
PagSeguro / PagBank Connect (CVE-2025-10142) , Sep 11, 2025
Duplicate Page and Post (CVE-2025-6189) , Sep 11, 2025
Advanced Settings (CVE-2025-58975) , Sep 10, 2025