Stored Cross-Site Scripting Vulnerability in Bootstrap Multi-language Responsive Portfolio Plugin for WordPress
CVE-2025-11753
Key Information:
- Vendor: WordPress
- CVE Published: 4 November 2025
What is CVE-2025-11753?
The Bootstrap Multi-language Responsive Portfolio plugin for WordPress is vulnerable to stored Cross-Site Scripting (XSS) through its admin settings in all versions up to and including 1.0. The issue arises from insufficient sanitization of user input and improper output escaping. As a result, an authenticated attacker with administrator-level permissions can inject arbitrary web scripts into pages, and those scripts execute whenever an authorized user views the compromised page. This vulnerability is particularly concerning for multi-site installations and for setups where the 'unfiltered_html' capability has been disabled, because in those configurations administrators are not otherwise allowed to publish unfiltered HTML.
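The sanitize-on-save and escape-on-output pattern that the description says is missing, shown beside the weak form, as an added example that is not the plugin's own code. The option names, settings group and `demo_` functions are hypothetical, and the file is assumed to be loaded as a plugin inside WordPress.

```php
<?php
// Added illustration, not the plugin's code. All demo_* names are hypothetical.

// Weak pattern: the raw request value is stored and later echoed as HTML.
function demo_save_weak() {
    update_option( 'demo_portfolio_title', $_POST['demo_portfolio_title'] );
}
function demo_render_weak() {
    echo '<h2>' . get_option( 'demo_portfolio_title' ) . '</h2>';
}

// Hardened pattern, step 1: sanitize on save through the Settings API.
add_action( 'admin_init', function () {
    // Plain-text setting: strip tags and control characters before storing.
    register_setting( 'demo_portfolio', 'demo_portfolio_title', array(
        'type'              => 'string',
        'sanitize_callback' => 'sanitize_text_field',
        'default'           => '',
    ) );
    // Rich-text setting: keep only the markup allowed in post content, the
    // same filter core applies to users who lack unfiltered_html.
    register_setting( 'demo_portfolio', 'demo_portfolio_intro', array(
        'type'              => 'string',
        'sanitize_callback' => 'wp_kses_post',
        'default'           => '',
    ) );
} );

// Hardened pattern, step 2: escape for the output context, even though the
// stored value was sanitized (older rows may predate the sanitizer).
function demo_render_hardened() {
    printf(
        '<h2>%s</h2><div class="intro">%s</div>',
        esc_html( get_option( 'demo_portfolio_title', '' ) ),    // HTML text
        wp_kses_post( get_option( 'demo_portfolio_intro', '' ) ) // limited HTML
    );
}

// Settings form field: an attribute value needs esc_attr, not esc_html.
function demo_render_field() {
    printf(
        '<input type="text" name="demo_portfolio_title" value="%s" />',
        esc_attr( get_option( 'demo_portfolio_title', '' ) )
    );
}
```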

Affected Version(s)
Bootstrap Multi-language Responsive Portfolio * <= 1.0