CVE-2025-13895

Name of the Vulnerable Software and Affected Versions Top Position Google Finance versions up to and including 0.1.0

Description The Top Position Google Finance plugin for WordPress is susceptible to Reflected Cross-Site Scripting due to inadequate input sanitization and output escaping. This allows unauthenticated attackers to inject arbitrary web scripts into pages, which can execute if a user is tricked into performing an action, such as clicking a link. The vulnerability is related to the $ SERVER['PHP SELF'] variable.

Recommendations Update Top Position Google Finance to a version newer than 0.1.0.