CVE-2025-7725: The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Str
highvulnerability
security
Summary
A WordPress plugin called 'Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery' has a stored cross-site scripting vulnerability (XSS, a security flaw where attackers inject malicious code into a website that runs when others visit it) in its comment feature through version 26.1.0. Because the plugin doesn't properly clean and validate user input, unauthenticated attackers can inject harmful scripts that will execute for anyone viewing the affected pages.
Vulnerability Details
CVSS Score
7.2(high)
EPSS (30-day exploit probability)
EPSS: 0.1%
Classification
Attack Type
Other
Attack SophisticationTrivial
Impact (CIA+S)
integrity
AI Component TargetedPlugin
Affected Vendors
OpenAI
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-7725
First tracked: February 15, 2026 at 08:49 PM
Classified by LLM (prompt v3) · confidence: 75%