PatchSiren

seedprod CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM seedprod CVE published 2026-07-08

CVE-2025-14785

The Website Builder by SeedProd plugin for WordPress has a Stored Cross-Site Scripting vulnerability via the plugin's shortcode in all versions up to 6.20.2. This vulnerability allows authenticated attackers with contributor level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability has a CVSS score of 6.4 and a severity o [truncated]