CVE-2025-12471

Name of the Vulnerable Software and Affected Versions Hubbub Lite versions up to and including 1.36.0

Description The Hubbub Lite – Fast, free social sharing and follow buttons plugin for WordPress is susceptible to Reflected Cross-Site Scripting due to inadequate input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts into pages that will execute if a user is tricked into performing an action, such as clicking a link. The vulnerability is present via the dpsp list attention search parameter.

Recommendations Versions prior to and including 1.36.0 should be updated.