cleantalk
Vulnerabilities and Security Researches

WH Tweaks, CVE-2025-67630

CVE, Research URL

CVE-2025-67630

Home page URL

Security reports for WH Tweaks

Application

WH Tweaks

Published on
Dec 24, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webheadcoder WH Tweaks wh-tweaks allows Stored XSS.This issue affects WH Tweaks: from n/a through <= 1.0.2.
Affected versions
max 1.0.2.
Status
vulnerable
Previous vulnerability researches
Skrill Official (CVE-2025-28876) , Mar 13, 2025
New vulnerability
URL Shortener Plugin For WordPress (CVE-2025-10738) , Jan 11, 2026
WPForms Google Sheet Connector (CVE-2025-67570) , Jan 11, 2026
Contact Form Email (CVE-2025-10019) , Jan 11, 2026
WING WordPress Migrator (CVE-2025-52835) , Jan 10, 2026
WP Webhooks &#8211; Automate repetitive tasks by creating powerful automation workflows directly within WordPress (CVE-2025-66074) , Jan 10, 2026