CVE-2025-13746

Name of the Vulnerable Software and Affected Versions ForumWP – Forum & Discussion Board plugin for WordPress versions prior to 2.1.7

Description The ForumWP plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to inadequate input sanitization and output escaping when handling a User's Display Name. Authenticated attackers with Subscriber-level access or higher can inject malicious web scripts into pages. These scripts will then execute whenever a user views the affected page.

Recommendations Update to version 2.1.7 or later.