PT-2025-43052 · WordPress · Bg Book Publisher
Published: 2025-10-22 · Updated: 2025-10-22 · CVE-2025-11867
CVSS v3.1: 6.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Bg Book Publisher versions prior to 1.26
Description
The Bg Book Publisher plugin for WordPress is susceptible to Stored Cross-Site Scripting through the book author post meta, which is rendered using the [book author] shortcode. The plugin does not properly sanitize the meta value before displaying it, allowing authenticated attackers with contributor-level access or higher to inject malicious web scripts into pages. These scripts will execute when a user views the affected page.
Recommendations
Update Bg Book Publisher to version 1.26 or later.
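For anyone auditing similar shortcode code, the pattern described above is shown here next to a hardened form. This is an added example, not code from Bg Book Publisher; the meta key, shortcode tag and function names are hypothetical, and the `post` post type is assumed.

```php
<?php
/**
 * Plugin Name: Example author shortcode (illustration only)
 *
 * Added example, not code from Bg Book Publisher. The meta key, shortcode
 * tag and function names below are hypothetical.
 */

const EXAMPLE_META_KEY = 'example_book_author'; // assumed meta key

// Pattern described in the advisory: the stored meta value is returned
// as-is, so any markup a contributor saved ends up in the rendered page.
// Shown for comparison only; it is deliberately not registered.
function example_author_shortcode_unsafe() {
    return get_post_meta( get_the_ID(), EXAMPLE_META_KEY, true );
}

// Hardened form: escape at output, for the HTML context it is printed in.
function example_author_shortcode_safe() {
    $author = get_post_meta( get_the_ID(), EXAMPLE_META_KEY, true );
    if ( ! is_string( $author ) || '' === $author ) {
        return '';
    }
    return '<span class="book-author">' . esc_html( $author ) . '</span>';
}
add_shortcode( 'example_book_author', 'example_author_shortcode_safe' );

// Defence in depth: strip tags when the value is written, so values saved
// through update_post_meta() or the REST API are stored as plain text.
add_action( 'init', function () {
    register_post_meta( 'post', EXAMPLE_META_KEY, array(
        'type'              => 'string',
        'single'            => true,
        'sanitize_callback' => 'sanitize_text_field',
    ) );
} );
```

Sanitizing on write does not clean values that were stored before it was registered, so the `esc_html()` call at output is the control that matters for existing data.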
Fix
XSS
Weakness Enumeration
Related Identifiers
Affected Products
Bg Book Publisher