cleantalk
Vulnerabilities and Security Researches

WordPress Tooltips, CVE-2025-63005

CVE, Research URL

CVE-2025-63005

Home page URL

Security reports for WordPress Tooltips

Application

WordPress Tooltips

Published on
Dec 31, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tomas WordPress Tooltips allows Stored XSS.This issue affects WordPress Tooltips: from n/a through 10.7.9.
Affected versions
max 10.7.9.
Status
vulnerable
Previous vulnerability researches
SKT Skill Bar (CVE-2025-66090) , Dec 11, 2025
SKT Skill Bar (CVE-2024-38698) , Jul 15, 2024
SKT Skill Bar (CVE-2025-47482) , May 09, 2025
SKT Skill Bar (CVE-2025-26880) , Apr 15, 2025
New vulnerability
WP Visitor Statistics (Real Time Traffic) (CVE-2025-67983) , Jan 10, 2026
BBP Core – Expand bbPress powered forums with useful features (CVE-2025-68572) , Jan 10, 2026
WP-EasyArchives (CVE-2025-49345) , Jan 10, 2026
NS Ie Compatibility Fixer (CVE-2025-14845) , Jan 10, 2026
Review for Discount for WooCommerce (CVE-2025-14070) , Jan 10, 2026