CVE-2025-3514 – “SureForms WordPress Stored Cross-Site Scripting Vulnerability”

May 2, 2025

CVE ID : CVE-2025-3514

Published : May 2, 2025, 6:15 a.m. | 1 hour, 5 minutes ago

Description : The SureForms WordPress plugin before 1.4.4 does not sanitise and escape some of its Form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3488 – WordPress WPML Stored Cross-Site Scripting Vulnerability

Next Article CVE-2025-3858 – WordPress Formality Plugin Stored Cross-Site Scripting Vulnerability

Highlights

CVE-2025-3847 – Markparticle WebServer SQL Injection Vulnerability

April 21, 2025

CVE ID : CVE-2025-3847

Published : April 21, 2025, 11:15 p.m. | 3 hours, 21 minutes ago

Description : A vulnerability classified as critical has been found in markparticle WebServer up to 1.0. This affects an unknown part of the file code/http/httprequest.cpp of the component Login. The manipulation of the argument username/password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

UX Job Interview Helpers

.NET Aspire’s CLI reaches general availability in 9.4 release

15 Essential Skills to Look for When Hiring Node.js Developers for Enterprise Projects (2025-2026)

African training program creates developers with cloud-native skills

Why I’ll keep the Samsung Z Fold 7 over the Pixel 10 Pro Fold – especially if these rumors are true

You may soon get Starlink internet for a much lower ‘Community’ price – here’s how

uBlock Origin Lite has finally arrived for Safari – with one important caveat

Perplexity says Cloudflare’s accusations of ‘stealth’ AI scraping are based on embarrassing errors

Send Notifications in Laravel with Firebase Cloud Messaging and Notifire

Send Notifications in Laravel with Firebase Cloud Messaging and Notifire

Simplified Batch Job Creation with Laravel’s Enhanced Artisan Command

Send Notifications in Laravel with Firebase Cloud Messaging and Notifire

This comfy mesh office chair I’ve been testing costs less than $400 — but there’s a worthy alternative that’s far more affordable

This comfy mesh office chair I’ve been testing costs less than $400 — but there’s a worthy alternative that’s far more affordable

How to get started with Markdown in the Notepad app for Windows 11

Microsoft Account Lockout: LibreOffice Developer’s Week-Long Nightmare Raises Concerns

CVE-2025-3514 – “SureForms WordPress Stored Cross-Site Scripting Vulnerability”

SonicWall Investigating Potential SSL VPN Zero-Day After 20+ Targeted Attacks Reported

Think Before You Download: UAE Cybersecurity Council Issues Warning on Unverified Apps

SpyNote, BadBazaar, MOONSHINE Malware Target Android and iOS Users via Fake Apps

Distribution Release: Nobara Project 42

Accelerate API Testing with Laravel’s ddBody() Method

CVE-2025-30173 – Aspect Server-Side Request Forgery (SSRF) Vulnerability

CVE-2025-3847 – Markparticle WebServer SQL Injection Vulnerability

From Inclusive Design to Universal Design – Building a Foundation for Everyone

Microsoft releases Windows 10 (KB5058379/ KB5058392 / KB5058383/ KB5058387) May 2025 Patch Tuesday

Web Developer vs Software Developer : Key Differences

CVE-2025-3514 – “SureForms WordPress Stored Cross-Site Scripting Vulnerability”

Related Posts