MEDIUM
seedprod
CVE published 2026-07-08
CVE-2025-14785
The Website Builder by SeedProd plugin for WordPress has a Stored Cross-Site Scripting vulnerability via the plugin's shortcode in all versions up to 6.20.2. This vulnerability allows authenticated attackers with contributor level access and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The vulnerability has a CVSS score of 6.4 and a severity o [truncated]