PT-2025-53847 · WordPress · Advance Wp Query Search Filter
Yevgen Goncharuk · Published 2025-12-30 · Updated 2025-12-30
CVE-2025-14313
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Advance WP Query Search Filter WordPress plugin versions through 1.0.10
Description
The software does not properly sanitize and escape a parameter before displaying it, potentially leading to a Reflected Cross-Site Scripting issue. This could be leveraged against users with high privileges, such as administrators. The issue involves improper handling of user-supplied input, which can be reflected back into the web page without adequate sanitization. This allows an attacker to inject malicious scripts into the page, which are then executed by the victim's browser.
Recommendations
Update to a version beyond 1.0.10.
Related Identifiers
Affected Products
Advance Wp Query Search Filter