CVE-2025-0671 – Icegram Express WordPress Stored Cross-Site Scripting Vulnerability

April 25, 2025

CVE ID : CVE-2025-0671

Published : April 25, 2025, 6:15 a.m. | 1 hour, 15 minutes ago

Description : The Icegram Express WordPress plugin before 5.7.50 does not sanitise and escape some of its Template settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3861 – WordPress Prevent Direct Access Unauthorized Access Vulnerability

Next Article CVE-2025-46599 – K3s Kubernetes Kubelet ReadWritePort Remote Authentication Bypass

How To Prevent WordPress SQL Injection Attacks

Java never goes out of style: Celebrating 30 years of the language

OpenAI o3-pro available in the API, BrowserStack adds Playwright support for real iOS devices, and more – Daily News Digest

Creating The “Moving Highlight” Navigation Bar With JavaScript And CSS

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Sam Altman says “OpenAI was forced to do a lot of unnatural things” to meet the Ghibli memes demand surge

5 things we didn’t get from the Xbox Games Showcase, because Xbox obviously hates me personally

Minecraft Vibrant Visuals finally has a release date and it’s dropping with the Happy Ghasts

QAQ-QQ-AI-QUEST

QAQ-QQ-AI-QUEST

JS Dark Arts: Abusing prototypes and the Result type

Helpful Git Aliases To Maximize Developer Productivity

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Sam Altman says “OpenAI was forced to do a lot of unnatural things” to meet the Ghibli memes demand surge

5 things we didn’t get from the Xbox Games Showcase, because Xbox obviously hates me personally

CVE-2025-0671 – Icegram Express WordPress Stored Cross-Site Scripting Vulnerability

Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion

Paragon Spyware used to Spy on European Journalists

Making V8 eager to compile your JavaScript

Google’s NotebookLM can gather your research sources for you now – and it’s free

MSI’s new handheld houses AMD Z2 Extreme instead of Intel Core Ultra and its actually available in a color other than white or black

CVE-2025-4255 – PCMan FTP Server RMD Command Handler Buffer Overflow

PowerToys brings “Command Palette” to Windows 11 as a new launcher experience

Teedoc is a simple static website/document/blog generator

A Coding Guide to Build an Agentic AI‑Powered Asynchronous Ticketing Assistant Using PydanticAI Agents, Pydantic v2, and SQLite Database

Phishing Campaigns Use Real-Time Checks to Validate Victim Emails Before Credential Theft

CVE-2025-0671 – Icegram Express WordPress Stored Cross-Site Scripting Vulnerability

Related Posts