WordPress · Ninja Pages · CVE-2025-1454
Name of the Vulnerable Software and Affected Versions:
Ninja Pages plugin for WordPress versions 1.4.2 and earlier
Description:
The issue concerns the Ninja Pages WordPress plugin, which does not properly sanitize and escape some of its settings. This could allow high-privilege users, such as administrators, to perform Stored Cross-Site Scripting attacks. This issue can occur even when the `unfiltered html` capability is disallowed, for example, in a multisite setup.
Recommendations:
For Ninja Pages plugin for WordPress versions 1.4.2 and earlier, update to a version that addresses this issue.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.