cleantalk
Vulnerabilities and Security Researches

Ultimate WP Mail, CVE-2025-53454

CVE, Research URL

CVE-2025-53454

Home page URL

Security reports for Ultimate WP Mail

Application

Ultimate WP Mail

Published on
Sep 23, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rustaurius Ultimate WP Mail ultimate-wp-mail allows Stored XSS.This issue affects Ultimate WP Mail: from n/a through <= 1.3.8.
Affected versions
max 1.3.9.
Status
vulnerable
Previous vulnerability researches
HT Mega – Absolute Addons for WPBakery Page Builder (CVE-2025-53463) , Apr 24, 2026
HT Mega – Absolute Addons for WPBakery Page Builder (CVE-2025-53206) , Jul 02, 2025
New vulnerability
WooCommerce Cart Abandonment Recovery (CVE-2026-39470) , Apr 25, 2026
a3 Lazy Load (CVE-2025-9873) , Apr 25, 2026
Brizy &#8211; Page Builder (CVE-2025-0969) , Apr 25, 2026
GHL Wizard (CVE-2025-5483) , Apr 25, 2026
BetterDocs – Best Documentation, FAQ &amp; Knowledge Base Plugin with AI Support (CVE-2026-6393) , Apr 25, 2026