PT-2026-1708 · WordPress · Autogen Headers Menu

Youcef Hamdani · Published 2026-01-09 · Updated 2026-01-09 · CVE-2025-13704

CVSS v3.1: 6.4 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions
Autogen Headers Menu plugin for WordPress versions up to and including 1.0.1

Description
The Autogen Headers Menu plugin for WordPress is susceptible to Stored Cross-Site Scripting through the head class parameter of the autogen menu shortcode. Insufficient input sanitization and output escaping allow authenticated attackers with Contributor-level access or higher to inject arbitrary web scripts into pages. These scripts will execute when a user accesses the injected page. The vulnerable parameter is head class within the autogen menu shortcode.

Recommendations
Versions prior to and including 1.0.1 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
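
With no fixed version known, stored content can be audited for uses of the shortcode whose class value is anything other than a plain class list. The following is an added example, not code from the plugin or from this advisory; the spellings autogen_menu and head_class and the (post_id, content) sample rows are assumptions, so confirm the names against the plugin source before relying on it.

```python
import re

# A legitimate class list needs only letters, digits, '-', '_' and spaces.
SAFE_CLASS = re.compile(r"[A-Za-z0-9_\- ]*")


def find_unsafe_shortcodes(posts, tag, attr):
    """Return (post_id, value) for every [tag ... attr=value] whose value
    contains characters outside a plain class list."""
    shortcode = re.compile(r"\[" + re.escape(tag) + r"\b([^\]]*)\]")
    # WordPress shortcodes accept attr="v", attr='v' and unquoted attr=v.
    attribute = re.compile(
        r"\b" + re.escape(attr) + r"""\s*=\s*(?:"([^"]*)"|'([^']*)'|(\S+))"""
    )
    findings = []
    for post_id, content in posts:
        for sc in shortcode.finditer(content):
            for m in attribute.finditer(sc.group(1)):
                # Exactly one of the three capture groups is set per match.
                value = next(g for g in m.groups() if g is not None)
                if not SAFE_CLASS.fullmatch(value):
                    findings.append((post_id, value))
    return findings


# Constructed sample rows (not real site data). Tag and attribute spellings
# are assumed from the advisory's wording.
SAMPLE_POSTS = [
    (101, 'Intro [autogen_menu head_class="toc compact"] body'),
    (102, "[autogen_menu head_class='x\" data-injected=\"1'] text"),
    (103, "No shortcode here."),
    (104, "[autogen_menu depth=2 head_class=<b>]"),
]

if __name__ == "__main__":
    for post_id, value in find_unsafe_shortcodes(
        SAMPLE_POSTS, "autogen_menu", "head_class"
    ):
        print(f"post {post_id}: review class value {value!r}")
```

Posts flagged this way were written by an account with at least Contributor access, so the review should cover both the content and the authoring account.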

XSS

Weakness Enumeration

Related Identifiers: CVE-2025-13704

Affected Products: Autogen Headers Menu