CVE-2025-11878 | ST Categories Widget Plugin up to 1.0.0 on WordPress st-categories cross site scripting

October 22, 2025 Yanac

A vulnerability labeled as problematic has been found in ST Categories Widget Plugin up to 1.0.0 on WordPress. Affected is the function st-categories. The manipulation results in cross site scripting.

This vulnerability is reported as CVE-2025-11878. The attack can be launched remotely. No exploit exists.VulDB Recent EntriesRead More

CVE-2025-11809 | WP-Force Images Download Plugin up to 1.8 on WordPress Shortcode cross site scripting
CVE-2025-11819 | WP-Thumbnail Plugin up to 1.1 on WordPress Shortcode cross site scripting