cleantalk
Vulnerabilities and Security Researches

Backwp, CVE-2025-28956

CVE, Research URL

CVE-2025-28956

Home page URL

Security reports for Backwp

Application

Backwp

Published on
Jun 27, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wphobby Backwp allows Reflected XSS. This issue affects Backwp: from n/a through 2.0.2.
Affected versions
Min -, max 2.0.2.
Status
vulnerable
Previous vulnerability researches
Flexo Counter (CVE-2025-50052) , Jul 01, 2025
New vulnerability
Address Autocomplete via Google for Gravity Forms (CVE-2025-53263) , Jul 03, 2025
Spoki – Chat Buttons and WooCommerce Notifications (CVE-2025-50026) , Jul 03, 2025
Amazon Products to WooCommerce (CVE-2025-5813) , Jul 03, 2025
Breeze – WordPress Cache Plugin (CVE-2025-23999) , Jul 03, 2025
Twitch TV Embed Suite (CVE-2025-53313) , Jul 03, 2025