Stored Cross-Site Scripting Vulnerability in WP Delete Post Copies Plugin for WordPress
CVE-2025-12066
4.4MEDIUM
What is CVE-2025-12066?
The WP Delete Post Copies plugin for WordPress is prone to a Stored Cross-Site Scripting vulnerability via admin settings in all versions up to and including 6.0.2. This issue arises from inadequate input sanitization and output escaping, allowing authenticated attackers with administrator-level permissions to inject arbitrary web scripts. Such scripts will be executed when users access the compromised pages. The vulnerability predominantly affects multi-site installations and configurations where unfiltered_html is disabled, posing significant risks to site integrity.
Affected Version(s)
WP Delete Post Copies * <= 6.0.2