VYPR

prettyPhoto library

by WordPress

CVEs (1)

  • CVE-2025-2540MedJul 3, 2025
    risk 0.35cvss 6.4epss 0.00

    Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled prettyPhoto library (version 3.1.6) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for…