Skip to main content

Website Builder By Seedprod Theme Builder Landing Page Builder Coming Soon Page Maintenance Mode

1 CVEs product

Monthly

CVE-2025-14785 MEDIUM This Month

Stored Cross-Site Scripting in the SeedProd Website Builder WordPress plugin (all versions through 6.20.2) allows authenticated contributors to inject persistent malicious JavaScript via unsanitized attributes of the `seedprodnestedmenuwidget` shortcode. Any user-including administrators-who subsequently visits an affected page will execute the attacker's script in their browser, enabling session hijacking, credential theft, or unauthorized administrative actions. No public exploit code or CISA KEV listing is identified at time of analysis, but the contributor-level access bar lowers the threshold for abuse on multi-author WordPress sites.

WordPress XSS Website Builder By Seedprod Theme Builder Landing Page Builder Coming Soon Page Maintenance Mode
NVD
CVSS 3.1
6.4
EPSS
0.2%
EPSS 0% CVSS 6.4
MEDIUM This Month

Stored Cross-Site Scripting in the SeedProd Website Builder WordPress plugin (all versions through 6.20.2) allows authenticated contributors to inject persistent malicious JavaScript via unsanitized attributes of the `seedprodnestedmenuwidget` shortcode. Any user-including administrators-who subsequently visits an affected page will execute the attacker's script in their browser, enabling session hijacking, credential theft, or unauthorized administrative actions. No public exploit code or CISA KEV listing is identified at time of analysis, but the contributor-level access bar lowers the threshold for abuse on multi-author WordPress sites.

WordPress XSS Website Builder By Seedprod Theme Builder Landing Page Builder Coming Soon Page Maintenance Mode
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy