CVE-2025-3504 – WP Maps Stored Cross-Site Scripting Vulnerability

May 1, 2025

CVE ID : CVE-2025-3504

Published : May 1, 2025, 6:15 a.m. | 1 hour, 56 minutes ago

Description : The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4151 – PHPGurukul Curfew e-Pass Management System SQL Injection Vulnerability

Next Article CVE-2025-3503 – “WP Maps Stored Cross-Site Scripting Vulnerability”

Highlights

CVE-2025-8878 – ProfilePress WordPress Arbitrary Shortcode Execution Vulnerability

August 16, 2025

CVE ID : CVE-2025-8878

Published : Aug. 16, 2025, 12:15 p.m. | 13 hours, 54 minutes ago

Description : The The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.16.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Error’d: You Talkin’ to Me?

The Psychology Of Trust In AI: A Guide To Measuring And Designing For User Confidence

This week in AI updates: OpenAI Codex updates, Claude integration in Xcode 26, and more (September 19, 2025)

Report: The major factors driving employee disengagement in 2025

Development Release: Ubuntu 25.10 Beta

Development Release: Linux Mint 7 Beta “LMDE”

Distribution Release: Tails 7.0

Distribution Release: Security Onion 2.4.180

The attack on the npm ecosystem continues

The attack on the npm ecosystem continues

Feature Highlight

SVAR React Core – New UI Library with 20+ Components

Hyprland Made Easy: Preconfigured Beautiful Distros

Hyprland Made Easy: Preconfigured Beautiful Distros

Denmark’s Strategic Leap Replacing Microsoft Office 365 with LibreOffice for Digital Independence

Development Release: Ubuntu 25.10 Beta

CVE-2025-3504 – WP Maps Stored Cross-Site Scripting Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

Best Free and Open Source Alternatives to Microsoft Windows Journal

Linux Candy: Hidamari is fun video wallpaper for Linux

CVE-2025-43010 – SAP S/4HANA Cloud Private Edition or on Premise ABAP Program Replacement Remote Code Execution Vulnerability

AI Is Flipping UX Upside Down

CVE-2025-8878 – ProfilePress WordPress Arbitrary Shortcode Execution Vulnerability

California’s Bar Exam Was Written by AI And It Was a Total Disaster

CVE-2025-5358 – “PHPGurukul/Campcodes Cyber Cafe Management System SQL Injection Vulnerability”

BeyondTrust PRA Vulnerability (CVE-2025-0217) Enables Session Hijacking via Authentication Bypass

CVE-2025-3504 – WP Maps Stored Cross-Site Scripting Vulnerability

Related Posts