CVE-2025-14125 | Complag Plugin up to 1.0.2 on WordPress $_SERVER[‘PHP_SELF’] cross site scripting

December 11, 2025 Yanac

A vulnerability identified as problematic has been detected in Complag Plugin up to 1.0.2 on WordPress. Affected by this issue is some unknown functionality. The manipulation of the argument $_SERVER[‘PHP_SELF’] leads to cross site scripting.

This vulnerability is uniquely identified as CVE-2025-14125. The attack is possible to be carried out remotely. No exploit exists.VulDB Recent EntriesRead More