CVE-2025-60040

Name of the Vulnerable Software and Affected Versions wp-mpdf versions through 3.9.1

Description The software contains a flaw related to improper handling of user-supplied data when creating web pages, potentially leading to Cross-site Scripting (XSS). This allows for the injection of malicious scripts into web pages viewed by other users. The issue is a Stored XSS, meaning the malicious script is permanently stored on the target server.

Recommendations Update wp-mpdf to a version later than 3.9.1.