WordPress WH Tweaks plugin <= 1.0.2 - Cross Site Scripting (XSS) vulnerability
CVE-2025-67630

Currently unrated

Key Information:

Vendor

WordPress
Status
Wh Tweaks
Vendor
CVE Published:
24 December 2025

What is CVE-2025-67630?

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webheadcoder WH Tweaks wh-tweaks allows Stored XSS.This issue affects WH Tweaks: from n/a through <= 1.0.2.

Affected Version(s)

WH Tweaks <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/wh-t...
vdb-entry

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Muhammad Nur Ibnu Hubab | Patchstack Bug Bounty Program
JSON
.
CVE-2025-67630 : Cross-Site Scripting Vulnerability in WH Tweaks by Webheadcoder