CVE-2025-12151

Name of the Vulnerable Software and Affected Versions Simple Folio versions prior to 1.1.1

Description The Simple Folio plugin for WordPress is susceptible to Stored Cross-Site Scripting. The issue stems from inadequate input sanitization and output escaping related to the portfolio name parameter. This allows authenticated attackers with Subscriber-level access or higher to inject malicious web scripts into pages. These scripts will then execute when a user accesses the compromised page.

Recommendations Update Simple Folio to version 1.1.1 or later.