WP Wizard Cloak: Malicious Code Can Be Injected via Reflected Attack

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.1

WP Wizard Cloak: Malicious Code Can Be Injected via Reflected Attack

CVE-2025-53237

Summary

The WP Wizard Cloak plugin for WordPress is vulnerable to a security issue that could allow hackers to inject malicious code into web pages. This could potentially harm users who interact with affected websites. To fix this, update to the latest version of the plugin or consider replacing it with a secure alternative.

Original title

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Soflyy WP Wizard Cloak wp-wizard-cloak allows Reflected XSS.This issue affects WP Wizard Cloak:...

Original description

nvd CVSS3.1 7.1

Vulnerability type

CWE-79 Cross-site Scripting (XSS)

https://patchstack.com/database/Wordpress/Plugin/wp-wizard-cloak/vulnerability/w...

Published: 20 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026