CVE-2025-26754

Name of the Vulnerable Software and Affected Versions: bPlugins Timeline Block versions n/a through 1.1.1

Description: The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject malicious scripts into the website, potentially affecting users who access the compromised page.

Recommendations: For versions n/a through 1.1.1, update to a version that fixes the Stored XSS issue to prevent exploitation. As a temporary workaround, consider restricting access to the Timeline Block feature until a patch is available. Avoid using user-inputted data in the Timeline Block without proper validation and sanitization to minimize the risk of exploitation.