cleantalk
Vulnerabilities and Security Researches

xili-language, CVE-2025-58654

CVE, Research URL

CVE-2025-58654

Home page URL

Security reports for xili-language

Application

xili-language

Published on
Sep 23, 2025
Research Description
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-language xili-language allows DOM-Based XSS.This issue affects xili-language: from n/a through <= 2.21.3.
Affected versions
max 2.21.3.
Status
vulnerable
Previous vulnerability researches
Email Inquiry &amp; Cart Options for WooCommerce (CVE-2026-24526) , Jan 27, 2026
New vulnerability
Zoho Flow (CVE-2025-8479) , Apr 25, 2026
Zoho Flow (CVE-2025-59568) , Apr 25, 2026
Sheets to WP Table Live Sync &#8211; WordPress Table Plugin with Google Sheets Integration (CVE-2025-9543) , Apr 25, 2026
GeoDirectory &#8211; WordPress Business Directory Plugin, or Classified Directory (CVE-2025-6200) , Apr 25, 2026
WPeMatico RSS Feed Fetcher (CVE-2025-57937) , Apr 25, 2026