VYPR

WP Subtitle

by WordPress

CVEs (2)

  • CVE-2025-57986MedSep 22, 2025
    risk 0.42cvss 6.5epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in husani WP Subtitle wp-subtitle allows Stored XSS.This issue affects WP Subtitle: from n/a through <= 3.4.1.

  • CVE-2022-1393MedMay 16, 2022
    risk 0.35cvss 5.4epss 0.01

    The WP Subtitle WordPress plugin before 3.4.1 adds a subtitle field and provides a shortcode to display it via [wp_subtitle]. The subtitle is stored as a custom post meta with the key: "wps_subtitle", which is sanitized upon post save/update, however is not sanitized when…