CVE-2025-0671 – Icegram Express WordPress Stored Cross-Site Scripting Vulnerability

April 25, 2025

CVE ID : CVE-2025-0671

Published : April 25, 2025, 6:15 a.m. | 1 hour, 15 minutes ago

Description : The Icegram Express WordPress plugin before 5.7.50 does not sanitise and escape some of its Template settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3861 – WordPress Prevent Direct Access Unauthorized Access Vulnerability

Next Article CVE-2025-46599 – K3s Kubernetes Kubelet ReadWritePort Remote Authentication Bypass

Highlights

CVE-2025-43851 – Adobe Retrieval-based-Voice-Conversion-WebUI Remote Code Execution Vulnerability

May 5, 2025

CVE ID : CVE-2025-43851

Published : May 5, 2025, 7:15 p.m. | 18 minutes ago

Description : Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The model_choose variable takes user input (e.g. a path to a model) and passes it to the uvr function in vr.py. In uvr , a new instance of AudioPre class is created with the model_path attribute containing the aformentioned user input. In the AudioPre class, the user input, is used to load the model on that path with torch.load, which can lead to unsafe deserialization and remote code execution. As of time of publication, no known patches exist.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

From Data To Decisions: UX Strategies For Real-Time Dashboards

Honeycomb launches AI observability suite for developers

Low-Code vs No-Code Platforms for Node.js: What CTOs Must Know Before Investing

ServiceNow unveils Zurich AI platform

Building personal apps with open source and AI

What Can We Actually Do With corner-shape?

Craft, Clarity, and Care: The Story and Work of Mengchu Yao

Distribution Release: Q4OS 6.1

Learning from PHP Log to File Example

Learning from PHP Log to File Example

Online EMI Calculator using PHP – Calculate Loan EMI, Interest, and Amortization Schedule

Package efficiency and dependency hygiene

Dmitry — The Deep Magic

Dmitry — The Deep Magic

Right way to record and share our Terminal sessions

Windows 11 Powers Up WSL: How GPU Acceleration & Kernel Upgrades Change the Game

CVE-2025-0671 – Icegram Express WordPress Stored Cross-Site Scripting Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Student Insider Threats Driving Surge in UK School Data Breaches, ICO Warns

Schemes – create syntax highlighting schemes

Deploy conversational agents with Vonage and Amazon Nova Sonic

CVE-2025-0092 – Google Android Bond Permission Bypass

How to upgrade your deadbolt with a smart lock – and the one I recommend most

CVE-2025-43851 – Adobe Retrieval-based-Voice-Conversion-WebUI Remote Code Execution Vulnerability

MSI Claw A8 Launches with Windows 11 and AMD Ryzen Z2 Extreme

CVE-2025-54062 – WeGIA SQL Injection Vulnerability

Fix Elden Ring: Nightreign Multiplayer Connection Issues on PC

CVE-2025-0671 – Icegram Express WordPress Stored Cross-Site Scripting Vulnerability

Related Posts