CVE-2025-13311

Name of the Vulnerable Software and Affected Versions Just Highlight versions prior to 1.0.4

Description The Just Highlight plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to insufficient input sanitization and output escaping in the 'Highlight Color' setting. This allows authenticated attackers with administrator-level access or higher to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the plugin’s settings page.

Recommendations Update Just Highlight to version 1.0.4 or later.