CVE-2025-6261

Name of the Vulnerable Software and Affected Versions Fleetwire Fleet Management versions prior to 1.0.20

Description The Fleetwire Fleet Management plugin for WordPress is susceptible to stored cross-site scripting through the fleetwire list shortcode due to insufficient input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages, which will execute when a user accesses the injected page.

Recommendations Update Fleetwire Fleet Management to version 1.0.20 or later.