CVE-2025-14138 | WPLG Default Mail From Plugin up to 1.0.0 on WordPress $_SERVER[‘PHP_SELF’] cross site scripting

December 11, 2025 Yanac

A vulnerability, which was classified as problematic, has been found in WPLG Default Mail From Plugin up to 1.0.0 on WordPress. The impacted element is an unknown function. The manipulation of the argument $_SERVER[‘PHP_SELF’] leads to cross site scripting.

This vulnerability is listed as CVE-2025-14138. The attack may be initiated remotely. There is no available exploit.VulDB Recent EntriesRead More