cleantalk
Vulnerabilities and Security Researches

Breeze Display, CVE-2025-3749

CVE, Research URL

CVE-2025-3749

Home page URL

Security reports for Breeze Display

Application

Breeze Display

Published on
Apr 25, 2025
Research Description
The Breeze Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘cal_size’ parameter in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 1.2.4.
Status
vulnerable
Previous vulnerability researches
Capturly (CVE-2025-39379) , Apr 25, 2025
New vulnerability
Create custom forms for WordPress with a smart form plugin for smart businesses – Form builder for WordPress (CVE-2025-2801) , Apr 27, 2025
Integração entre Eduzz e Woocommerce (CVE-2025-3906) , Apr 27, 2025
Xelion Webchat (CVE-2025-3058) , Apr 27, 2025
Breeze Display (CVE-2025-3749) , Apr 27, 2025
Add Google +1 (Plus one) social share Button (CVE-2025-3866) , Apr 27, 2025