cleantalk
Vulnerabilities and Security Researches

Trail Manager, CVE-2025-13682

CVE, Research URL

CVE-2025-13682

Home page URL

Security reports for Trail Manager

Application

Trail Manager

Published on
Dec 05, 2025
Research Description
The Trail Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions
max 1.0.0.
Status
vulnerable
Previous vulnerability researches
Eupago Gateway For Woocommerce (CVE-2025-62870) , Dec 11, 2025
Eupago Gateway For Woocommerce (CVE-2023-45638) , Jun 07, 2024
New vulnerability
SKT Skill Bar (CVE-2025-66090) , Dec 11, 2025
Trail Manager (CVE-2025-13682) , Dec 11, 2025
Course Booking System (CVE-2025-12042) , Dec 11, 2025
Chamber Dashboard Business Directory (CVE-2025-13414) , Dec 11, 2025
Team Members – Best WordPress Team Plugin with Team Slider, Team Showcase & Team Builder (CVE-2025-11560) , Dec 11, 2025