CVE-2025-3858 – WordPress Formality Plugin Stored Cross-Site Scripting Vulnerability

May 2, 2025

CVE ID : CVE-2025-3858

Published : May 2, 2025, 4:15 a.m. | 3 hours, 5 minutes ago

Description : The Formality plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ parameter in all versions up to, and including, 1.5.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3514 – “SureForms WordPress Stored Cross-Site Scripting Vulnerability”

Next Article CVE-2025-3748 – WordPress Taxonomy Chain Menu Stored Cross-Site Scripting

Highlights

CVE-2025-4030 – “PHPGurukul COVID19 Testing Management System SQL Injection”

April 28, 2025

CVE ID : CVE-2025-4030

Published : April 28, 2025, 6:15 p.m. | 50 minutes ago

Description : A vulnerability was found in PHPGurukul COVID19 Testing Management System 1.0. It has been classified as critical. This affects an unknown part of the file /search-report-result.php. The manipulation of the argument serachdata leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Error’d: You Talkin’ to Me?

The Psychology Of Trust In AI: A Guide To Measuring And Designing For User Confidence

This week in AI updates: OpenAI Codex updates, Claude integration in Xcode 26, and more (September 19, 2025)

Report: The major factors driving employee disengagement in 2025

DistroWatch Weekly, Issue 1140

Distribution Release: DietPi 9.17

Development Release: Zorin OS 18 Beta

Distribution Release: IPFire 2.29 Core 197

@ts-ignore is almost always the worst option

@ts-ignore is almost always the worst option

MutativeJS v1.3.0 is out with massive performance gains

Student Performance Prediction System using Python Machine Learning (ML)

DistroWatch Weekly, Issue 1140

DistroWatch Weekly, Issue 1140

Distribution Release: DietPi 9.17

Hyprland Made Easy: Preconfigured Beautiful Distros

CVE-2025-3858 – WordPress Formality Plugin Stored Cross-Site Scripting Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

CVE-2025-49184 – Apache Product Information Disclosure Vulnerability

Bubble sort visualization in 41 lines of pure JS

The best business desktops of 2025: Expert tested and reviewed

Best Free and Open Source Alternatives to Progress Kemp LoadMaster

CVE-2025-4030 – “PHPGurukul COVID19 Testing Management System SQL Injection”

CVE-2025-34047 – Leadsec SSL VPN Path Traversal Vulnerability

GPT OSS models from OpenAI are now available on SageMaker JumpStart

Exploring data and its influence on political behavior

CVE-2025-3858 – WordPress Formality Plugin Stored Cross-Site Scripting Vulnerability

Related Posts