CVE-2025-5083

Name of the Vulnerable Software and Affected Versions Amministrazione Trasparente plugin for WordPress versions prior to 9.1

Description The Amministrazione Trasparente plugin for WordPress is susceptible to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows authenticated attackers with administrator-level permissions and above to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the injected page. This issue only affects multi-site installations and installations where unfiltered html has been disabled.

Recommendations Update the Amministrazione Trasparente plugin to version 9.1 or later.