CVE-2025-3868 – WordPress Custom Admin-Bar Favorites Reflected Cross-Site Scripting

April 25, 2025

CVE ID : CVE-2025-3868

Published : April 25, 2025, 7:15 a.m. | 14 minutes ago

Description : The Custom Admin-Bar Favorites plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘menuObject’ parameter in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46616 – Quantum StorNext Web GUI API RCE

Next Article CVE-2025-3867 – WordPress Ajax Comment Form CST CSRF

Highlights

CVE-2025-47274 – ToolHive Inadvertent Secrets Storage Vulnerability

May 12, 2025

CVE ID : CVE-2025-47274

Published : May 12, 2025, 3:16 p.m. | 1 hour, 18 minutes ago

Description : ToolHive is a utility designed to simplify the deployment and management of Model Context Protocol (MCP) servers. Due to the ordering of code used to start an MCP server container, versions of ToolHive prior to 0.0.33 inadvertently store secrets in the run config files which are used to restart stopped containers. This means that an attacker who has access to the home folder of the user who starts the MCP server can read secrets without needing access to the secrets store itself. This only applies to secrets which were used in containers whose run configs exist at a point in time – other secrets remaining inaccessible. ToolHive 0.0.33 fixes the issue. Some workarounds are available. Stop and delete any running MCP servers, or manually remove any runconfigs from `$HOME/Library/Application Support/toolhive/runconfigs/` (macOS) or `$HOME/.state/toolhive/runconfigs/` (Linux).

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Facebook turns 11 – what you need to know, and what do your likes say about you?

April 9, 2025

Anthropic finds alarming ’emerging trends’ in Claude misuse report

April 25, 2025

Minecraft is enjoying a significant player boost and an increase in sales thanks to the success of its big screen counterpart

April 11, 2025

How To Prevent WordPress SQL Injection Attacks

Creating The “Moving Highlight” Navigation Bar With JavaScript And CSS

Databricks adds new tools like Lakebase, Lakeflow Designer, and Agent Bricks to better support building AI apps and agents in the enterprise

Zencoder launches end-to-end UI testing agent

NVIDIA chief rebuffs Anthropic’s AI slashing 50% of entry-level white collar jobs from Gen Z claim: “He thinks AI is so scary, but only they should do it.”

OpenAI shifts to Google for cloud computing support as Microsoft partnership falters, despite Sam Altman’s “compute-sufficient” claim

Clair Obscur: Expedition 33 now lets you rematch the game’s most brutal boss

The Alters PC review: I’m rethinking my own life paths after falling in love with a sci-fi game

SVAR Svelte Filter: Visual Query Builder for Data-Driven Apps

SVAR Svelte Filter: Visual Query Builder for Data-Driven Apps

Developing a Serverless Blogging Platform with AWS Lambda and Python

YAML files in DBT

NVIDIA chief rebuffs Anthropic’s AI slashing 50% of entry-level white collar jobs from Gen Z claim: “He thinks AI is so scary, but only they should do it.”

NVIDIA chief rebuffs Anthropic’s AI slashing 50% of entry-level white collar jobs from Gen Z claim: “He thinks AI is so scary, but only they should do it.”

OpenAI shifts to Google for cloud computing support as Microsoft partnership falters, despite Sam Altman’s “compute-sufficient” claim

Clair Obscur: Expedition 33 now lets you rematch the game’s most brutal boss

CVE-2025-3868 – WordPress Custom Admin-Bar Favorites Reflected Cross-Site Scripting

Zero-Click AI Vulnerability Exposes Microsoft 365 Copilot Data Without User Interaction

Windows SMB Client Zero-Day Vulnerability Exploited Using Reflective Kerberos Relay Attack

Why Your Business Needs a React Native Mobile App in 2025

Dear Penguins We Hate Him Too Anti-Trump Shirt

Microsoft doc says recycle Windows 10 PCs if they can’t upgrade to Windows 11

Laravel DomPDF: How to Add Page Numbers

CVE-2025-47274 – ToolHive Inadvertent Secrets Storage Vulnerability

Facebook turns 11 – what you need to know, and what do your likes say about you?

Anthropic finds alarming ’emerging trends’ in Claude misuse report

Minecraft is enjoying a significant player boost and an increase in sales thanks to the success of its big screen counterpart

CVE-2025-3868 – WordPress Custom Admin-Bar Favorites Reflected Cross-Site Scripting

Related Posts