cleantalk
Vulnerabilities and Security Researches

Interactive Medical Drawing of Human Body, CVE-2025-9332

CVE, Research URL

CVE-2025-9332

Home page URL

Security reports for Interactive Medical Drawing of Human Body

Application

Interactive Medical Drawing of Human Body

Published on
Oct 03, 2025
Research Description
The Interactive Human Anatomy with Clickable Body Parts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
Affected versions
max 2.6.
Status
vulnerable
Previous vulnerability researches
Interactive Medical Drawing of Human Body (CVE-2025-9332) , Oct 11, 2025
Interactive Medical Drawing of Human Body (CVE-2023-53593) , Jun 13, 2026
Interactive Medical Drawing of Human Body (CVE-2022-0388) , Jun 10, 2024
New vulnerability
WPEventPartners Demo Import (CVE-2023-33999) , Jun 13, 2026
User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin (CVE-2025-14976) , Jun 13, 2026
Advance Menu Manager (CVE-2023-33999) , Jun 13, 2026
Free Woocommerce Product Table View – Woo Table Pro (CVE-2025-31758) , Jun 13, 2026
Newsletters (CVE-2025-67911) , Jun 13, 2026