cleantalk
Vulnerabilities and Security Researches

CryptX, CVE-2025-13739

CVE, Research URL

CVE-2025-13739

Home page URL

Security reports for CryptX

Application

CryptX

Published on
Dec 05, 2025
Research Description
The CryptX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's `cryptx` shortcode in all versions up to, and including, 4.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
max 4.0.4.
Status
vulnerable
Previous vulnerability researches
Gutenberg Blocks by Kadence Blocks – Page Builder Features (CVE-2025-1291) , Mar 05, 2025
Gutenberg Blocks by Kadence Blocks – Page Builder Features (CVE-2024-5819) , Jul 01, 2024
Gutenberg Blocks by Kadence Blocks – Page Builder Features (CVE-2024-12581) , Dec 15, 2024
Gutenberg Blocks by Kadence Blocks – Page Builder Features (CVE-2024-10785) , Nov 21, 2024
Gutenberg Blocks by Kadence Blocks – Page Builder Features (CVE-2025-24753) , Jan 26, 2025
New vulnerability
Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form (CVE-2026-25418) , Feb 28, 2026
Image Photo Gallery Final Tiles Grid (CVE-2026-25375) , Feb 28, 2026
Share This Image (CVE-2026-25010) , Feb 28, 2026
Bold Page Builder (CVE-2026-25451) , Feb 28, 2026
Bold Page Builder (CVE-2025-13463) , Feb 28, 2026