The MarqueeAddons plugin for WordPress is vulnerable to Stored Cross-Site Scripting through its Testimonial Marquee widget. The flaw arises from inadequate input sanitization and output escaping on user-supplied attributes, which lets authenticated users with contributor-level access or higher insert arbitrary scripts into pages. These scripts execute whenever any user views an affected page, potentially compromising user data and website integrity.
https://securityvulnerability.io/vulner ... -2025-8199
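
The unescaped-attribute pattern described above, shown beside a hardened form. This is an added example, not MarqueeAddons code or code from the advisory: the function names, the `speed` and `author` settings and the stored values are hypothetical, and the `esc_html()`/`esc_attr()` stand-ins exist only so the file also runs outside WordPress.

```php
<?php
// Added example: hypothetical widget renderer, not the plugin's own code.
// Inside WordPress the core esc_html()/esc_attr() are used; the stand-ins
// below are defined only when running with the plain PHP CLI.
if (!function_exists('esc_html')) {
    function esc_html($s) {
        return htmlspecialchars((string) $s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}
if (!function_exists('esc_attr')) {
    function esc_attr($s) {
        return htmlspecialchars((string) $s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }
}

// Vulnerable pattern: stored widget attributes are concatenated into markup
// without escaping, so they can break out of the attribute or element.
function render_testimonial_unsafe(array $settings): string {
    return '<div class="marquee" data-speed="' . $settings['speed'] . '">'
         . '<span class="author">' . $settings['author'] . '</span></div>';
}

// Hardened pattern: validate each value by type, then escape it for the
// context it lands in (attribute value vs. element text).
function render_testimonial_safe(array $settings): string {
    // Numeric attribute: cast and clamp instead of trusting the stored string.
    $speed  = max(1, min(100, (int) ($settings['speed'] ?? 20)));
    $author = (string) ($settings['author'] ?? '');
    return '<div class="marquee" data-speed="' . esc_attr((string) $speed) . '">'
         . '<span class="author">' . esc_html($author) . '</span></div>';
}

// Constructed sample: values a contributor-level user could have saved.
$stored = [
    'speed'  => '20" onmouseover="alert(1)',
    'author' => '<script>alert(1)</script>',
];

// The unsafe output carries the injected attribute and script tag verbatim;
// the safe output carries data-speed="20" and the author as inert text.
echo render_testimonial_unsafe($stored), PHP_EOL;
echo render_testimonial_safe($stored), PHP_EOL;
```

Comparing the two output lines in code review or a regression test shows whether a render path escapes per context; the same comparison applies to every attribute a widget accepts from users.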