CVE-2025-13054

Name of the Vulnerable Software and Affected Versions User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress versions prior to 3.14.9

Description The software is susceptible to a Stored Cross-Site Scripting issue because of inadequate input sanitization and output escaping on user-supplied attributes. This allows authenticated attackers with contributor-level access or higher to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the injected page. The issue is related to the plugin’s wppb-embed shortcode.

Recommendations Update to version 3.14.9 or later.