PT-2025-54294 · WordPress · Tomas Wordpress Tooltips

Zaim · Published 2025-12-31 · Updated 2025-12-31 · CVE-2025-63005

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Tomas WordPress Tooltips versions through 10.7.9

Description

The software contains a flaw related to improper input handling during web page generation, specifically a Stored Cross-site Scripting (XSS) issue. This allows for the injection of malicious scripts into web pages. The vulnerability affects the way user-supplied data is processed and displayed, potentially enabling an attacker to execute arbitrary code within the context of a user's browser. The affected component is susceptible to attacks where malicious code is stored on the target server and then delivered to users when they view the affected page.

Recommendations

Update Tomas WordPress Tooltips to a version later than 10.7.9.

Fix

XSS

Related Identifiers

CVE-2025-63005

Affected Products

Tomas Wordpress Tooltips