cleantalk
Vulnerabilities and Security Researches

Terms descriptions, CVE-2025-6719

CVE, Research URL

CVE-2025-6719

Home page URL

Security reports for Terms descriptions

Application

Terms descriptions

Published on
Jul 18, 2025
Research Description
The Terms descriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions
Min -, max 3.4.8.
Status
vulnerable
Previous vulnerability researches
BuddyPress & BuddyBoss Member Profile Forms (053af10176d1dc3feead6bb1c45f871d35190797) , Jun 07, 2024
New vulnerability
SMTP for Sendinblue – YaySMTP (CVE-2025-48161) , Jul 18, 2025
Theme Builder For Elementor (CVE-2025-54033) , Jul 18, 2025
Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks (CVE-2025-54015) , Jul 18, 2025
Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks (CVE-2025-7360) , Jul 18, 2025
Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks (CVE-2025-7341) , Jul 18, 2025