cleantalk
Vulnerabilities and Security Researches

Cornerstone, CVE-2025-63072

CVE, Research URL

CVE-2025-63072

Home page URL

Security reports for Cornerstone

Application

Cornerstone

Published on
Dec 09, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in THEMECO Cornerstone cornerstone allows Stored XSS.This issue affects Cornerstone: from n/a through <= 7.7.3.
Affected versions
max 7.7.3.
Status
vulnerable
Previous vulnerability researches
Cornerstone (CVE-2025-63072) , Jan 10, 2026
Cornerstone (CVE-2024-28002) , Jun 07, 2024
Cornerstone (CVE-2024-32570) , Jun 07, 2024
Cornerstone (CVE-2026-54185) , Jun 19, 2026
Cornerstone (CVE-2026-49113) , Jun 09, 2026
New vulnerability
Form Maker by 10Web &#8211; Mobile-Friendly Drag &amp; Drop Contact Form Builder (CVE-2026-11777) , Jun 19, 2026
Form Maker by 10Web &#8211; Mobile-Friendly Drag &amp; Drop Contact Form Builder (CVE-2026-11776) , Jun 19, 2026
LearnPress &#8211; WordPress LMS Plugin (CVE-2026-8383) , Jun 19, 2026
WP Travel Gutenberg Blocks (CVE-2026-54808) , Jun 19, 2026
BetterDocs – Best Documentation, FAQ &amp; Knowledge Base Plugin with AI Support (CVE-2026-12157) , Jun 19, 2026