cleantalk
Vulnerabilities and Security Researches

A/B Testing for WordPress, CVE-2025-4587

CVE, Research URL

CVE-2025-4587

Home page URL

Security reports for A/B Testing for WordPress

Application

A/B Testing for WordPress

Published on
Jun 27, 2025
Research Description
The A/B Testing for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ab-testing-for-wp/ab-test-block' block in all versions up to, and including, 1.18.2 due to insufficient input sanitization and output escaping on the 'id' parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 1.18.2.
Status
vulnerable
Previous vulnerability researches
Grid Accordion Lite (CVE-2024-11874) , Jan 11, 2025
New vulnerability
CSV Importer Improved (CVE-2025-50013) , Jul 04, 2025
WooCommerce PDF Invoice Builder, Create invoices, packing slips and more (CVE-2025-53203) , Jul 04, 2025
Infility Global (CVE-2025-52774) , Jul 04, 2025
Additional Order Filters for WooCommerce (CVE-2025-53271) , Jul 04, 2025
Aviation Weather from NOAA (CVE-2025-28980) , Jul 04, 2025