CVE-2025-1454

Name of the Vulnerable Software and Affected Versions: Ninja Pages plugin for WordPress versions 1.4.2 and earlier

Description: The issue concerns the Ninja Pages WordPress plugin, which does not properly sanitize and escape some of its settings. This could allow high-privilege users, such as administrators, to perform Stored Cross-Site Scripting attacks. This issue can occur even when the unfiltered html capability is disallowed, for example, in a multisite setup.

Recommendations: For Ninja Pages plugin for WordPress versions 1.4.2 and earlier, update to a version that addresses this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.