CVE-2025-6200
The GeoDirectory WordPress plugin before 2.8.120 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Vendor
Product
CWE
Yayın Tarihi
2025-07-11 06:15:25
Güncelleme
2026-01-09 21:16:13
Source Identifier
contact@wpscan.com
KEV Date Added
-