CVE-2025-4099 – WordPress List Children Plugin Stored Cross-Site Scripting Vulnerability

May 1, 2025

CVE ID : CVE-2025-4099

Published : May 1, 2025, 5:15 a.m. | 2 hours, 56 minutes ago

Description : The List Children plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘list_children’ shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2024-13381 – WordPress Calculated Fields Form Stored Cross-Site Scripting Vulnerability

Next Article CVE-2025-3952 – Projectopia WordPress Project Management Unauthenticated Option Deletion

ScyllaDB X Cloud’s autoscaling capabilities meet the needs of unpredictable workloads in real time

Parasoft C/C++test 2025.1, Secure Code Warrior AI Security Rules, and more – Daily News Digest

What I Wish Someone Told Me When I Was Getting Into ARIA

SD Times 100

Clair Obscur: Expedition 33 is a masterpiece, but I totally skipped parts of it (and I won’t apologize)

This Xbox game emotionally wrecked me in less than four hours… I’m going to go hug my cat now

Top 5 desktop PC case features that I can’t live without — and neither should you

‘No aggressive monetization’ — Nexus Mods’ new ownership responds to worried members

Build AI Agents That Run Your Day – While You Focus on What Matters

Build AI Agents That Run Your Day – While You Focus on What Matters

Faster Builds in Meteor 3.3: Modern Build Stack with SWC and Bundler Optimizations

How to Change Redirect After Login/Register in Laravel Breeze

Clair Obscur: Expedition 33 is a masterpiece, but I totally skipped parts of it (and I won’t apologize)

Clair Obscur: Expedition 33 is a masterpiece, but I totally skipped parts of it (and I won’t apologize)

This Xbox game emotionally wrecked me in less than four hours… I’m going to go hug my cat now

Top 5 desktop PC case features that I can’t live without — and neither should you

CVE-2025-4099 – WordPress List Children Plugin Stored Cross-Site Scripting Vulnerability

New Flodrix Botnet Variant Exploits Langflow AI Server RCE Bug to Launch DDoS Attacks

Hard-Coded ‘b’ Password in Sitecore XP Sparks Major RCE Risk in Enterprise Deployments

CISA Adds Actively Exploited Broadcom and Commvault Flaws to KEV Database

Marktechpost Releases 2025 Agentic AI and AI Agents Report: A Technical Landscape of AI Agents and Agentic AI

A few keyboard settings are moving from Control Panel to Settings app in Windows 11

CVE-2025-46815 – ZITADEL IdP Intent Session Token Abuse

Healthcare UX Design: 7 Best Remedies for the Industry’s Unique Pains

What Is Q in Django? (And Why It’s Super Useful)

RoboCat: A self-improving robotic agent

CVE-2025-1950 – IBM Hardware Management Console – Local Command Execution Vulnerability

CVE-2025-4099 – WordPress List Children Plugin Stored Cross-Site Scripting Vulnerability

Related Posts