CVE-2025-12965

Published
CVSS v3: 6.4 (MEDIUM)
CVSS v2: N/A
Affected: 1 project

Description

The Magical Posts Display plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'mpac_title_tag' parameter in the Magical Posts Accordion widget in all versions up to, and including, 1.2.54 due to insufficient input sanitization and output escaping on user-supplied HTML tag names. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
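
For site operators checking whether stored pages carry unexpected values in this setting, the following added example (not code from the plugin or from this advisory) walks an Elementor document and flags every `mpac_title_tag` value that is not a plain allowlisted tag name. It assumes Elementor's JSON layout as stored in the `_elementor_data` post meta (nested `elements`, each with its own `settings`); the allowlist, element ids, widget type name and sample data are constructed for illustration.

```python
import json

SETTING_KEY = "mpac_title_tag"  # parameter named in the advisory
# Assumption: tags a title-tag control would legitimately offer.
ALLOWED_TITLE_TAGS = {"h1", "h2", "h3", "h4", "h5", "h6", "div", "span", "p"}


def iter_elements(nodes):
    """Yield every element of an Elementor document tree, depth-first."""
    for node in nodes:
        if isinstance(node, dict):
            yield node
            yield from iter_elements(node.get("elements") or [])


def audit_title_tags(elementor_data_json):
    """Return (element_id, value) for each title-tag setting outside the allowlist."""
    findings = []
    for element in iter_elements(json.loads(elementor_data_json)):
        settings = element.get("settings")
        # Empty settings may be serialized as [] rather than {}, so check the type.
        if not isinstance(settings, dict) or SETTING_KEY not in settings:
            continue
        value = settings[SETTING_KEY]
        # Exact match only: whitespace, attributes or other elements are all flagged.
        if not isinstance(value, str) or value.lower() not in ALLOWED_TITLE_TAGS:
            findings.append((element.get("id"), value))
    return findings


# Constructed sample document; ids and the widget type name are placeholders.
SAMPLE = json.dumps([
    {"id": "a1", "elType": "section", "settings": [], "elements": [
        {"id": "b2", "elType": "column", "settings": {}, "elements": [
            {"id": "c3", "elType": "widget", "widgetType": "example-accordion",
             "settings": {SETTING_KEY: "h3"}, "elements": []},
            {"id": "d4", "elType": "widget", "widgetType": "example-accordion",
             "settings": {SETTING_KEY: "h3 data-x=1"}, "elements": []},
            {"id": "e5", "elType": "widget", "widgetType": "example-accordion",
             "settings": {SETTING_KEY: "script"}, "elements": []},
        ]},
    ]},
])

if __name__ == "__main__":
    for element_id, value in audit_title_tags(SAMPLE):
        print(f"element {element_id}: unexpected {SETTING_KEY} value {value!r}")
```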

<p>With just one click, you can easily generate posts Slider, posts carousels, posts Grids, posts accordions, posts tabs, posts tickers, and Categories &amp; Tags Filters for Posts, Pages, and Custom Post Types. This addon helps you showcase your content in various formats, providing an engaging user experience for your visitors. Magical Posts Display is an Elementor addon that simplifies the creation of interactive content displays. Magical Posts Display is compatible with all custom post types. </p> <h3>✨ – Your All-in-One Tool for News, Magazines, and Blogs</h3> <p>Magical Posts Display is your ultimate solution for creating amazing News, Magazine, and Blog websites. Think of it as a supercharged plugin that does it all, whether you&#8217;re building a blog or a news and magazine site.</p> <p>With Magical Posts Display, you get fantastic features like the Dynamic Site Builder, Popular Posts, Related Posts, Ajax Filter and Pagination, Post Carousel, Post slider, and much more. Now, with added support for Pages and Custom Post Types, it’s your secret weapon for unlocking your website’s full potential.</p> <h3>See live preview</h3> <p><a href="https://mpd.wpcolors.net/" rel="nofollow ugc">Live preview Magical Posts Display </a></p> <h3>Upgrade Pro For All Features</h3> <p><a href="https://wpthemespace.com/product/magical-posts-display-pro/" rel="nofollow ugc">View Pro version</a></p> <h3>See Short video</h3> <p><a href="https://www.youtube.com/embed/7BCThHcUSHk" rel="nofollow ugc">Short video</a></p> <p>Magical Posts Display comes with a range of awesome Elementor widgets
that make it easy to display your posts in unique and visually appealing ways. The latest addition includes the powerful News/Magazine Image Grid widget, featuring 5 distinct layout styles perfect for news, magazine, and blog websites.</p> <p>Magical Posts Display is a user-friendly addon that offers many different ways to display your site posts. Our Elementor widgets allow you to customize and set new options for each Magical Posts item, giving you complete control over your content display. In addition, our addon supports post meta, categories, tags, comments, timestamps, and more, making it easy to create a personalized and engaging user experience for your visitors. </p> <h4>Most powerful features: </h4> <ul> <li><strong>Easily display posts, pages, and custom posts anywhere.</strong></li> <li><strong>Drag &amp; Drop Elementor page builder Widgets.</strong></li> <li><strong>You can edit every single item</strong></li> <li><strong>Posts Group Grid </strong></li> <li><strong>Posts Categories Filter <a href="https://mpd.wpcolors.net/pro-posts-categories-filters/" rel="nofollow ugc">Live preview</a></strong></li> <li><strong>Posts Tags Filter <a href="https://mpd.wpcolors.net/posts-tag-filter-pro/" rel="nofollow ugc">Live preview</a></strong></li> <li><strong>Posts Slider <a href="https://mpd.wpcolors.net/pro-post-slider/" rel="nofollow ugc">Live preview</a></strong></li> <li><strong>Posts Ticker (Latest News) <a href="https://mpd.wpcolors.net/new-posts-ticker-pro/" rel="nofollow ugc">Live preview</a></strong></li> <li><strong>Posts carousel. <a href="https://mpd.wpcolors.net/pro-posts-carousel-2" rel="nofollow ugc">Live preview</a> | <a href="https://youtu.be/oZJYe4HEI4A" rel="nofollow ugc">Video Tutorial</a></strong></li> <li><strong>Posts grid card. 
<a href="https://mpd.wpcolors.net/posts-grid-pro/" rel="nofollow ugc">Live preview</a> | <a href="https://youtu.be/0z5JoFWRyw0" rel="nofollow ugc">Video Tutorial</a></strong></li> <li><strong>News/Magazine Image Grid &#8211; Modern magazine-style layouts with image overlays and 5 unique styles (Classic Magazine, Grid Layout, Compact Grid, Featured Focus, Equal Heights)</strong></li> <li><strong>News/Magazine Grid &#8211; Modern News-style layouts with image and 4 unique styles </strong></li> <li><strong>Posts Accordion. <a href="https://mpd.wpcolors.net/pro-posts-accordion/" rel="nofollow ugc">Live preview</a> | <a href="https://youtu.be/Y3btoJtd0h8" rel="nofollow ugc">Video Tutorial</a></strong></li> <li><strong>Posts Tab. <a href="https://mpd.wpcolors.net/pro-posts-tab-2/" rel="nofollow ugc">Live preview</a> | <a href="https://youtu.be/itaSNU8_Zr8" rel="nofollow ugc">Video Tutorial</a></strong></li> <li><strong>Awesome Posts list. <a href="https://mpd.wpcolors.net/awesome-new-posts-list-pro/" rel="nofollow ugc">Live preview</a> | <a href="https://youtu.be/a2NPlkreH7Y" rel="nofollow ugc">Video Tutorial</a></strong></li> <li><strong>Posts list card. <a href="https://mpd.wpcolors.net/awesome-new-posts-list-pro/" rel="nofollow ugc">Live preview</a> | <a href="https://youtu.be/AjWr7-YeJx4" rel="nofollow ugc">Video Tutorial</a></strong></li> <li><strong>Categories grid.</strong></li> <li><strong>Popular posts widget with image.</strong></li> <li><strong>Recent posts widget with image.</strong></li> <li><strong>Posts grid show by shortcode.</strong></li> <li><strong>Posts time show.</strong></li> <li><strong>Posts category show.</strong></li> <li><strong>Posts tag show.</strong></li> <li><strong>All options show hide features.
</strong></li> <li><strong>User-friendly Editor.</strong></li> <li><strong>Ajax Loadmore button.</strong></li> <li><strong>Ajax Categories filter.</strong></li> <li><strong>Post Position Control &#8211; Select specific posts (1st, 2nd, 3rd, 4th) or offset from any position for grid layouts.</strong></li> </ul> <h4>Translations</h4> <ul> <li>English</li> </ul> <h3>Privacy Policy</h3> <p>Magical Posts Display – Elementor Advanced Posts widgets uses <a href="https://appsero.com" rel="nofollow ugc">Appsero</a> SDK to collect some telemetry data upon user&#8217;s confirmation. This helps us to troubleshoot problems faster &amp; make product improvements.</p> <p>Appsero SDK <strong>does not gather any data by default.</strong> The SDK only starts gathering basic telemetry data <strong>when a user allows it via the admin notice</strong>. We collect the data to ensure a great user experience for all our users.</p> <p>Integrating Appsero SDK <strong>DOES NOT IMMEDIATELY</strong> start gathering data, <strong>without confirmation from users in any case.</strong></p> <p>Learn more about how <a href="https://appsero.com/privacy-policy/" rel="nofollow ugc">Appsero collects and uses this data</a>.</p>
WordPress Plugin Directory
215K