CVE-2025-3521 – “WordPress Team Members Stored Cross-Site Scripting”

May 1, 2025

CVE ID : CVE-2025-3521

Published : May 1, 2025, 7:15 a.m. | 55 minutes ago

Description : The Team Members – Best WordPress Team Plugin with Team Slider, Team Showcase & Team Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Social Link icons in all versions up to, and including, 3.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-47153 – “Nodejs libuv Out-of-Bounds Access Vulnerability”

Next Article CVE-2025-4153 – PHPGurukul Park Ticketing Management System SQL Injection Vulnerability

Highlights

CVE-2025-49150 – Cursor JSON File Remote Request Vulnerability

June 11, 2025

CVE ID : CVE-2025-49150

Published : June 11, 2025, 6:15 p.m. | 2 hours, 13 minutes ago

Description : Cursor is a code editor built for programming with AI. Prior to 0.51.0, by default, the setting json.schemaDownload.enable was set to True. This means that by writing a JSON file, an attacker can trigger an arbitrary HTTP GET request that does not require user confirmation. Since the Cursor Agent can edit JSON files, this means a malicious agent, for example, after a prompt injection attack already succeeded, could trigger a GET request to an attacker controlled URL, potentially exfiltrating other data the agent may have access to. This vulnerability is fixed in 0.51.0.

Severity: 5.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: Functionally, a Date

Creating Elastic And Bounce Effects With Expressive Animator

Microsoft shares Insiders preview of Visual Studio 2026

From Data To Decisions: UX Strategies For Real-Time Dashboards

DistroWatch Weekly, Issue 1139

Building personal apps with open source and AI

What Can We Actually Do With corner-shape?

Craft, Clarity, and Care: The Story and Work of Mengchu Yao

Can I use React Server Components (RSCs) today?

Can I use React Server Components (RSCs) today?

Perficient Named among Notable Providers in Forrester’s Q3 2025 Commerce Services Landscape

Sarah McDowell Helps Clients Build a Strong AI Foundation Through Salesforce

I Ran Local LLMs on My Android Phone

I Ran Local LLMs on My Android Phone

DistroWatch Weekly, Issue 1139

sudo vs sudo-rs: What You Need to Know About the Rust Takeover of Classic Sudo Command

CVE-2025-3521 – “WordPress Team Members Stored Cross-Site Scripting”

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

CVE-2025-38552 – Linux Kernel MPTCP Subflow Creation Race Condition Vulnerability

Exploring the funnier side of Microsoft as it celebrates its 50th anniversary with some of the best memes

CVE-2025-49880 – CubeWP Forms Missing Authorization Vulnerability

CVE-2025-6750 – HDF5 Heap-Based Buffer Overflow Vulnerability

CVE-2025-49150 – Cursor JSON File Remote Request Vulnerability

Shadow Vector: Malicious SVGs Deliver AsyncRAT & RemcosRAT in Colombian Phishing Campaign!

You should probably delete any sensitive screenshots you have in your phone right now. Here’s why

Selenium: How to click a button using the button label?

CVE-2025-3521 – “WordPress Team Members Stored Cross-Site Scripting”

Related Posts