Stored Cross-Site Scripting Vulnerability in Weekly Planner Plugin for WordPress
CVE-2025-12186
4.4MEDIUM
What is CVE-2025-12186?
The Weekly Planner plugin for WordPress is susceptible to a Stored Cross-Site Scripting vulnerability due to inadequate input sanitization and output escaping. This issue affects all versions up to and including 1.0, and it allows authenticated users with administrator-level permissions to inject arbitrary web scripts. The injected scripts are executed when users access affected pages, posing a significant risk, particularly in multi-site installations and those where unfiltered HTML input is disabled.
Affected Version(s)
Weekly Planner * <= 1.0