cleantalk
Vulnerabilities and Security Researches

Terms descriptions, CVE-2025-6719

CVE, Research URL

CVE-2025-6719

Home page URL

Security reports for Terms descriptions

Application

Terms descriptions

Published on
Jul 18, 2025
Research Description
The Terms descriptions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions
Min -, max 3.4.8.
Status
vulnerable
Previous vulnerability researches
BuddyForms Form Elements for WooCommerce (39d1f22f-ea34-4d94-9dc2-12661cf69d36) , Jun 07, 2024
New vulnerability
Knowledge Base (CVE-2025-7431) , Jul 18, 2025
Real Estate Property 2024 Create Your Own Fields and Search Bar WP Plugin (CVE-2025-48150) , Jul 18, 2025
Infility Global (CVE-2025-47652) , Jul 18, 2025
WP-BusinessDirectory – Business directory plugin for WordPress (CVE-2025-24759) , Jul 18, 2025
Vertical scroll image slideshow gallery (CVE-2025-5752) , Jul 18, 2025