CVE-2025-10180: Wp Unescaped Markdown Output
The HTML produced by a Markdown parser is returned or printed without sanitization. Markdown deliberately passes raw HTML through (inline tags, HTML blocks, and link targets such as `[x](javascript:...)`), so rendering parsed Markdown as-is yields stored or reflected XSS whenever the source Markdown is user-controlled (post meta, comments, shortcode content, REST or AJAX input). Run the rendered HTML through `wp_kses_post()` (or `wp_kses()` with an explicit allow-list) before returning or echoing it. `esc_html()` is only appropriate when the output is meant to be shown as literal text: it encodes every tag, so the Markdown would no longer render.
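A worked vulnerable/fixed pair for the pattern this rule flags, added here as an illustration; it is not the rule's own test case or any plugin's code. It assumes WordPress is loaded (`add_shortcode`, `shortcode_atts`, `get_post_meta`, `wp_kses_post`) and that the Markdown parser is Parsedown; the shortcode name `md_note` and the meta key `md_note_body` are hypothetical.

```php
<?php
// Added example (not the rule's or any plugin's code). Assumes WordPress is
// loaded (add_shortcode, shortcode_atts, get_post_meta, wp_kses_post) and the
// Parsedown library is available. The shortcode name "md_note" and the meta
// key "md_note_body" are hypothetical.

/**
 * VULNERABLE: a contributor-editable post meta value is rendered as Markdown
 * and the parser's HTML is returned untouched. Raw HTML survives Markdown
 * parsing, so <img src=x onerror=...> or [x](javascript:...) in the meta value
 * reaches the page verbatim: stored XSS against every visitor.
 */
function md_note_vulnerable( $atts ) {
    $atts     = shortcode_atts( array( 'id' => 0 ), $atts, 'md_note' );
    $markdown = (string) get_post_meta( (int) $atts['id'], 'md_note_body', true );
    $parser   = new Parsedown();
    return $parser->text( $markdown );   // unescaped Markdown output: what the rule flags
}

/**
 * FIXED: the rendered HTML goes through wp_kses_post() before it is returned.
 * wp_kses_post() keeps the tags and attributes allowed in post content
 * (p, em, strong, a[href], img[src|alt], ...), drops script/iframe/style and
 * every on* event handler, and rejects URL schemes outside
 * wp_allowed_protocols(), so the payloads above are neutralised while
 * ordinary Markdown still renders.
 */
function md_note_fixed( $atts ) {
    $atts     = shortcode_atts( array( 'id' => 0 ), $atts, 'md_note' );
    $markdown = (string) get_post_meta( (int) $atts['id'], 'md_note_body', true );
    $parser   = new Parsedown();
    $parser->setSafeMode( true );   // defence in depth: Parsedown escapes raw HTML at parse time
    return wp_kses_post( $parser->text( $markdown ) );
}
add_shortcode( 'md_note', 'md_note_fixed' );

// Constructed sample meta value for exercising both functions:
//   "Hello **world**\n\n<img src=x onerror=alert(1)>\n\n[click](javascript:alert(1))"
// The vulnerable output still contains the onerror attribute and the
// javascript: href; the fixed output keeps the <p><strong> markup but
// contains neither.
```

Using `esc_html()` on `$parser->text( $markdown )` would also be safe, but the visitor would then see `<p>` and `<strong>` as literal text, which is rarely what a Markdown feature intends; reserve it for places where the rendered HTML is meant to be displayed rather than rendered. Sanitize at the output boundary (the return of the shortcode handler or the point of `echo`), not only at save time, because the parser itself reintroduces HTML from Markdown syntax.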
Provally Curated | Public repository | Medium | Medium confidence | Verified | Apache-2.0 | PHP | β
greprules fetch cve-2025-10180-wp-unescaped-markdown-output --engine opengrep