WordPress Password Tool XSS in lty628 aidigu Plugin

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.1

WordPress Password Tool XSS in lty628 aidigu Plugin

CVE-2025-70846

Summary

A security issue exists in the lty628 aidigu plugin for WordPress that can allow an attacker to inject malicious code into the password input field on the Password tool page. This could potentially allow an attacker to steal sensitive information or take control of user accounts. To protect your site, update the lty628 aidigu plugin to the latest version.

Original title

lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting (XSS) on the /tools/Password/add page in the input field password.

Original description

lty628 aidigu v1.9.1 is vulnerable to Cross Site Scripting (XSS) on the /tools/Password/add page in the input field password.

Vulnerability type

CWE-79 Cross-site Scripting (XSS)

https://github.com/J4cky1028/vulnerability-research/tree/main/CVE-2025-70846
https://github.com/lty628/aidigu

Published: 17 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026