CVE-2025-11265 | VK All in One Expansion Unit Plugin up to 9.112.1 on WordPress vkExUnit_cta_url custom_field_name cross site scripting

A vulnerability classified as problematic has been found in VK All in One Expansion Unit Plugin up to 9.112.1 on WordPress. This vulnerability affects the function vkExUnit_cta_url. Performing manipulation of the argument custom_field_name results in cross site scripting.

This vulnerability is cataloged as CVE-2025-11265. It is possible to initiate the attack remotely. There is no exploit available.VulDB Recent EntriesRead More