1. CVE-2025-12368: Unpatched Stored XSS in Sermon Manager Shortcode Exposes WordPress Sites to Browser Attacks
A confirmed stored cross-site scripting vulnerability in the Sermon Manager WordPress plugin remains without an upstream patch, leaving websites vulnerable to authenticated attacks that execute malicious code in every visitor's browser. CVE-2025-12368 carries a CVSS score of 6.4 (Medium), but security researchers have ...