CVE-2025-3868 – WordPress Custom Admin-Bar Favorites Reflected Cross-Site Scripting

April 25, 2025

CVE ID : CVE-2025-3868

Published : April 25, 2025, 7:15 a.m. | 14 minutes ago

Description : The Custom Admin-Bar Favorites plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘menuObject’ parameter in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46616 – Quantum StorNext Web GUI API RCE

Next Article CVE-2025-3867 – WordPress Ajax Comment Form CST CSRF

Sunshine And March Vibes (2025 Wallpapers Edition)

How To Fix Largest Contentful Paint Issues With Subpart Analysis

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Prevent WordPress SQL Injection Attacks

Microsoft finally ships controversial Windows 11 ‘Recall’ feature after year-long delay — now rolling out to all Copilot+ PCs

Oblivion Remastered loses the most helpful settings on PC thanks to a botched Game Pass update

Best PC gaming desktops for playing The Elder Scrolls 4: Oblivion Remastered in 2025

As big hitting Xbox first-party titles head to PlayStation 5, which games would you like to see head the other way?

Perficient Included in IDC Market Glance: Healthcare Provider Operational IT Solutions, 1Q25

Perficient Included in IDC Market Glance: Healthcare Provider Operational IT Solutions, 1Q25

Natural Language Q&A in Optimizely CMS Using Azure OpenAI and AI Search

Closing Deals Faster: The Future of Sales with AI & Personalization

Microsoft finally ships controversial Windows 11 ‘Recall’ feature after year-long delay — now rolling out to all Copilot+ PCs

Microsoft finally ships controversial Windows 11 ‘Recall’ feature after year-long delay — now rolling out to all Copilot+ PCs

Oblivion Remastered loses the most helpful settings on PC thanks to a botched Game Pass update

Best PC gaming desktops for playing The Elder Scrolls 4: Oblivion Remastered in 2025

CVE-2025-3868 – WordPress Custom Admin-Bar Favorites Reflected Cross-Site Scripting

April 2025 Patch Tuesday: One Zero-Day and 11 Critical Vulnerabilities Among 121 CVEs

SAP Confirms Critical NetWeaver Flaw Amid Suspected Zero-Day Exploitation by Hackers

Building a Retrieval-Augmented Generation (RAG) System with DeepSeek R1: A Step-by-Step Guide

When to Choose Sitecore Connect: Solving Integration Challenges

Why design is for everyone

The AI Fix #13: ChatGPT runs for mayor, and should we stop killer robots?

Secret Level asked Microsoft about an awesome Halo and Doom crossover — “Crafting this impassioned letter of my childhood,” but Microsoft said: “Nah.”

MInference (Milliontokens Inference): A Training-Free Efficient Method for the Pre-Filling Stage of Long-Context LLMs Based on Dynamic Sparse Attention

Microsoft Office Lens: A Powerful Tool for Capturing and Organizing Information

Top 10 Explainable AI (XAI) Frameworks

CVE-2025-3868 – WordPress Custom Admin-Bar Favorites Reflected Cross-Site Scripting

Related Posts