Stored Cross-Site Scripting Vulnerability in Winning Portfolio by Pressfore
CVE-2025-23865
6.5MEDIUM
What is CVE-2025-23865?
The Winning Portfolio plugin for WordPress by Pressfore is subject to a Stored Cross-site Scripting vulnerability. This flaw arises from improper handling of user input during web page generation, potentially allowing attackers to inject malicious scripts. These scripts can execute within a user's browser session, compromising sensitive information and enabling further attacks. The vulnerability affects all versions from n/a to 1.1, necessitating immediate action to safeguard against potential exploits.
Affected Version(s)
Winning Portfolio <= 1.1