{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-04T03:21:41.392","vulnerabilities":[{"cve":{"id":"CVE-2025-14554","sourceIdentifier":"security@wordfence.com","published":"2026-01-31T14:16:59.983","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Sell BTC - Cryptocurrency Selling Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'orderform_data' AJAX action in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in order records that will execute whenever an administrator accesses the Orders page in the admin dashboard. The vulnerability was partially patched in version 1.5."},{"lang":"es","value":"El plugin Sell BTC - Cryptocurrency Selling Calculator para WordPress es vulnerable a cross-site scripting almacenado a través de la acción AJAX 'orderform_data' en todas las versiones hasta la 1.5, inclusive, debido a una sanitización de entrada y un escape de salida insuficientes. Esto permite que atacantes no autenticados inyecten scripts web arbitrarios en los registros de pedidos que se ejecutarán cada vez que un administrador acceda a la página de Pedidos en el panel de administración. La vulnerabilidad fue parcialmente parcheada en la versión 1.5."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":2.7}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-79"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/sell-btc-by-hayyatapps/trunk/Pages/orders.php#L30","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/sell-btc-by-hayyatapps/trunk/functions-admin.php#L39","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/sell-btc-by-hayyatapps/trunk/functions/form_tab.php#L12","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3433480/","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset/3450361/","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/720be34d-3fe4-4395-a27b-d386f8612ba9?source=cve","source":"security@wordfence.com"}]}}]}