CVE-2025-9130

Name of the Vulnerable Software and Affected Versions Unify WordPress Plugin versions through 3.4.7

Description The Unify plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to inadequate input sanitization and output escaping on user-supplied attributes within the plugin’s unify checkout shortcode. Authenticated attackers with contributor-level access or higher can inject arbitrary web scripts into pages. These scripts will execute when a user accesses the affected page.

Recommendations Update the Unify WordPress Plugin to a version later than 3.4.7.