CVE-2025-4100 – Nautic Pages WordPress Stored Cross-Site Scripting

May 1, 2025

CVE ID : CVE-2025-4100

Published : May 1, 2025, 7:15 a.m. | 55 minutes ago

Description : The Nautic Pages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘np_marinetraffic_map’ shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4154 – PHPGurukul Pre-School Enrollment System SQL Injection Vulnerability

Next Article CVE-2025-47153 – “Nodejs libuv Out-of-Bounds Access Vulnerability”

Highlights

CVE-2025-5595 – FreeFloat FTP Server Buffer Overflow

June 4, 2025

CVE ID : CVE-2025-5595

Published : June 4, 2025, 5:15 p.m. | 2 hours, 21 minutes ago

Description : A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. This issue affects some unknown processing of the component PROGRESS Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

How To Prevent WordPress SQL Injection Attacks

This week in AI dev tools: Apple’s Foundations Model framework, Mistral’s first reasoning model, and more (June 13, 2025)

Open Talent platforms emerging to match skilled workers to needs, study finds

Java never goes out of style: Celebrating 30 years of the language

DistroWatch Weekly, Issue 1126

It’s the year of Linux… at least for Denmark — here’s why the country’s government is dumping Windows and Office 365

Grounded 2’s best feature is happening because Obsidian left the Xbox One behind

6 registry tweaks every tech-savvy user must apply on Windows 11

Right Invoicing App for iPhone: InvoiceTemple

Right Invoicing App for iPhone: InvoiceTemple

Tunnel Run game in 170 lines of pure JS

Integrating Drupal with Salesforce SSO via SAML and Dynamic User Sync

Microsoft has a new tool to get you off Windows 10 and onto a Windows 11 PC

Microsoft has a new tool to get you off Windows 10 and onto a Windows 11 PC

DistroWatch Weekly, Issue 1126

Find ASCII Emoji Easily with this GNOME Shell Applet

CVE-2025-4100 – Nautic Pages WordPress Stored Cross-Site Scripting

LibreOffice 25.8 Beta 2 Drops Support for Windows 7/8/8.1 and All 32-bit Systems

IBM Backup Services Vulnerability Let Attackers Escalate Privileges

CVE-2025-30325 – Adobe Photoshop Integer Overflow Arbitrary Code Execution

State-of-the-art video and image generation with Veo 2 and Imagen 3

Generative AI in the Enterprise: Transforming Everything from Content to Code🚀

AlphaProteo generates novel proteins for biology and health research

CVE-2025-5595 – FreeFloat FTP Server Buffer Overflow

CVE-2025-48788 – Apache HTTP Server Credentials Disclosure

Navigating AI Regulations in 2025: A Practical Guide for Forward-Thinking Businesses📘

A New “Web” Readiness Report

CVE-2025-4100 – Nautic Pages WordPress Stored Cross-Site Scripting

Related Posts