CVE-2025-13701

Name of the Vulnerable Software and Affected Versions Shabat Keeper versions up to and including 0.4.4

Description The Shabat Keeper plugin for WordPress is susceptible to Reflected Cross-Site Scripting due to inadequate input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts into pages. Successful exploitation requires tricking a user into performing an action, such as clicking a malicious link. The vulnerability is related to the $ SERVER['PHP SELF'] parameter.

Recommendations Update Shabat Keeper to a version newer than 0.4.4