CVE-2025-13852 | Debt.com Business in a Box Plugin up to 4.1.0 on WordPress Shortcode lead_form configuration cross site scripting

A vulnerability was found in Debt.com Business in a Box Plugin up to 4.1.0 on WordPress. It has been classified as problematic. This vulnerability affects the function lead_form of the component Shortcode Handler. Performing a manipulation of the argument configuration results in cross site scripting.

This vulnerability was named CVE-2025-13852. The attack may be initiated remotely. There is no available exploit.VulDB Recent EntriesRead More