CVE-2025-11857

Name of the Vulnerable Software and Affected Versions XX2WP Integration Tools versions prior to 1.9.9

Description The XX2WP Integration Tools plugin for WordPress is susceptible to Stored Cross-Site Scripting through the mxp fb2wp display embed shortcode. This occurs because the plugin does not adequately sanitize user input and output of the post id parameter. Authenticated attackers with contributor-level access or higher can inject arbitrary web scripts into pages. These scripts will execute when a user accesses the affected page.

Recommendations Update XX2WP Integration Tools to a version later than 1.9.9.