cleantalk
Vulnerabilities and Security Researches

Hubbub Lite, CVE-2025-12471

CVE, Research URL

CVE-2025-12471

Home page URL

Security reports for Hubbub Lite

Application

Hubbub Lite

Published on
Nov 06, 2025
Research Description
The Hubbub Lite – Fast, free social sharing and follow buttons plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dpsp_list_attention_search' parameter in all versions up to, and including, 1.36.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.
Affected versions
max 1.36.1.
Status
vulnerable
Previous vulnerability researches
Social Pug: Author Box (CVE-2025-22706) , Jan 22, 2025
Hubbub Lite (CVE-2024-1526) , Jun 06, 2024
Hubbub Lite (CVE-2024-10145) , May 16, 2025
Hubbub Lite (CVE-2016-10736) , Jun 06, 2024
Hubbub Lite (CVE-2023-7154) , Jun 06, 2024
New vulnerability
GitHub Gist Shortcode Plugin (CVE-2025-12667) , Dec 12, 2025
Cryptocurrency Payment Gateway for WooCommerce (CVE-2025-12392) , Dec 12, 2025
Wbcom Designs – Private Community for BuddyPress (CVE-2025-67582) , Dec 12, 2025
WP-Walla (CVE-2025-12589) , Dec 12, 2025
Master Addons for Elementor (CVE-2025-63055) , Dec 12, 2025