CVE-2025-11753: Multi-language Responsive Portfolio WordPress <= 1.0 - Authenticated (Admin+) Stored Cross-Site Scripting
The Bootstrap Multi-language Responsive Portfolio plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
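The sanitize-on-save and escape-on-output pattern whose absence the description names, shown as an added example in WordPress PHP. This is not the affected plugin's code; the option names, settings group, function names and shortcode are hypothetical.

```php
<?php
/**
 * Plugin Name: Example Portfolio Settings (added illustration)
 *
 * Hypothetical code, not taken from the affected plugin. The option names,
 * settings group, function names and shortcode are assumptions.
 */

// Weak pattern: the stored option is concatenated into the page as-is, so
// markup saved by a site admin who lacks unfiltered_html reaches every visitor.
function example_portfolio_heading_weak() {
    return '<h2>' . get_option( 'example_portfolio_heading', '' ) . '</h2>';
}

// Hardened, step 1: sanitize when the setting is saved.
add_action( 'admin_init', function () {
    // Plain-text field: strip all tags before the value is stored.
    register_setting( 'example_portfolio_group', 'example_portfolio_heading', array(
        'type'              => 'string',
        'sanitize_callback' => 'sanitize_text_field',
        'default'           => '',
    ) );
    // Rich-text field: keep only the HTML allowed in post content.
    register_setting( 'example_portfolio_group', 'example_portfolio_intro', array(
        'type'              => 'string',
        'sanitize_callback' => 'wp_kses_post',
        'default'           => '',
    ) );
} );

// Hardened, step 2: escape at output as well, so a value written to the
// database by any other path is still neutralized when rendered.
function example_portfolio_shortcode() {
    $heading = esc_html( get_option( 'example_portfolio_heading', '' ) );
    $intro   = wp_kses_post( get_option( 'example_portfolio_intro', '' ) );
    return '<h2>' . $heading . '</h2><div class="intro">' . $intro . '</div>';
}
add_shortcode( 'example_portfolio', 'example_portfolio_shortcode' );
```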
Frequently Asked Questions
What is the severity of CVE-2025-11753?
The severity of CVE-2025-11753 is considered high due to its potential for Stored Cross-Site Scripting attacks.
How do I fix CVE-2025-11753?
To fix CVE-2025-11753, update the Bootstrap Multi-language Responsive Portfolio plugin to version 1.1 or later, which includes the necessary security patches.
What systems are affected by CVE-2025-11753?
CVE-2025-11753 affects all versions of the Bootstrap Multi-language Responsive Portfolio plugin for WordPress up to and including version 1.0.
What kind of attack can be executed due to CVE-2025-11753?
Due to CVE-2025-11753, an authenticated attacker can execute Stored Cross-Site Scripting (XSS) attacks via admin settings.
Is there a public disclosure for CVE-2025-11753?
Yes, CVE-2025-11753 has been publicly disclosed and documented in various security advisories related to WordPress plugin vulnerabilities.