CVE-2025-12652 | Ungapped Widgets Plugin on WordPress prefillvalues cross site scripting

November 10, 2025 Yanac

A vulnerability was found in Ungapped Widgets Plugin on WordPress and classified as problematic. Affected is an unknown function. Such manipulation of the argument prefillvalues leads to cross site scripting.

This vulnerability is listed as CVE-2025-12652. The attack may be performed from remote. There is no available exploit.VulDB Recent EntriesRead More

CVE-2025-11829 | Five9 Live Chat Plugin up to 1.1.2 on WordPress Shortcode cross site scripting
CVE-2025-12644 | Nonaki Plugin up to 1.0.11 on WordPress Shortcode nonaki cross site scripting