cleantalk
Vulnerabilities and Security Researches

WP Plugin Info Card, CVE-2025-5116

CVE, Research URL

CVE-2025-5116

Home page URL

Security reports for WP Plugin Info Card

Application

WP Plugin Info Card

Published on
Jun 03, 2025
Research Description
The WP Plugin Info Card plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘containerid’ parameter in all versions up to, and including, 5.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This issue is due to an incomplete patch for CVE-2025-31835.
Affected versions
max 5.4.0.
Status
vulnerable
Previous vulnerability researches
WP Plugin Info Card (2aa7d35570fa53a8decaa549b9680523a7a9316c) , Jun 07, 2024
WP Plugin Info Card (CVE-2026-2023) , Apr 16, 2026
WP Plugin Info Card (CVE-2025-31835) , Apr 03, 2025
WP Plugin Info Card (CVE-2025-5116) , Jun 15, 2025
New vulnerability
AMP Enhancer – Compatibility Layer for Official AMP Plugin (CVE-2026-2027) , Apr 16, 2026
WaveSurfer-WP (CVE-2026-1909) , Apr 16, 2026
xmlrpc attacks blocker (CVE-2026-2502) , Apr 16, 2026
Templately – Gutenberg & Elementor Template Library: 5000+ Free & Pro Ready Templates & Cloud! (CVE-2026-0831) , Apr 16, 2026
iRobots.txt SEO (CVE-2025-68840) , Apr 16, 2026