What the vulnerability does
01Description
Improper Neutralization of Formula Elements in a CSV File vulnerability in Denis V (Artprima) AP HoneyPot WordPress Plugin ap-honeypot allows Reflected XSS.This issue affects AP HoneyPot WordPress Plugin: from n/a through <= 1.4.
Explanation of Vulnerability in Simple Terms
02Summary
The AP HoneyPot WordPress plugin through version 1.4 contains a vulnerability that allows an attacker to read or modify site data and disrupt service. The attack requires the victim to visit a malicious link or page. The vulnerability affects the entire WordPress site, not just the plugin itself.
What an attacker can do
03Attacker Capabilities
Read or modify site data, or disrupt the site's availability by tricking a user into visiting a malicious link.
Potential impact on your site
04Site Impact
Site data could be exposed or altered, and service availability could be affected without your direct action.
Conditions required to exploit
05Prerequisites
Victim must click a malicious link or visit an attacker-controlled page; no authentication required.
Key dates
06Disclosure timeline
September 5, 2025
CVE published
May 13, 2026
Record updated