cleantalk
Vulnerabilities and Security Researches

Broadstreet, CVE-2025-4652

CVE, Research URL

CVE-2025-4652

Home page URL

Security reports for Broadstreet

Application

Broadstreet

Published on
Jun 09, 2025
Research Description
The Broadstreet WordPress plugin before 1.51.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Affected versions
Min -, max 1.51.8.
Status
vulnerable
Previous vulnerability researches
Razorpay Payment Button Elementor Plugin (CVE-2024-10850) , Nov 14, 2024
Razorpay Payment Button Plugin (CVE-2024-10851) , Nov 14, 2024
New vulnerability
CubeWP Forms – LeadGen & Contact Form (CVE-2025-49880) , Jun 20, 2025
WP2LEADS | WordPress und KlickTipp einfach verbinden – WooCommerce und KlickTipp einfach verbinden (CVE-2025-49316) , Jun 20, 2025
Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit (CVE-2025-1562) , Jun 20, 2025
eCommerce Product Catalog Plugin for WordPress (CVE-2025-49331) , Jun 20, 2025
Broadstreet (CVE-2025-4652) , Jun 20, 2025