cleantalk
Vulnerabilities and Security Researches

Amministrazione Trasparente, CVE-2025-5083

CVE, Research URL

CVE-2025-5083

Home page URL

Security reports for Amministrazione Trasparente

Application

Amministrazione Trasparente

Published on
Aug 31, 2025
Research Description
The Amministrazione Trasparente plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions
Min -, max 9.1.
Status
vulnerable
Previous vulnerability researches
Booking System Trafft (CVE-2025-58213) , Aug 28, 2025
Booking System Trafft (CVE-2024-11754) , Dec 15, 2024
New vulnerability
TablePress – Tables in WordPress made easy (CVE-2025-9500) , Sep 02, 2025
Chatbox Manager (CVE-2025-58211) , Sep 02, 2025
WooCommerce Payment Gateway for Saferpay (CVE-2025-48317) , Sep 02, 2025
iATS Online Forms (CVE-2025-9441) , Sep 02, 2025
Poll, Survey & Quiz Maker Plugin by Opinion Stage (CVE-2025-53328) , Sep 02, 2025