CVE-2025-3670 – WordPress KiwiChat NextClient Stored Cross-Site Scripting

May 2, 2025

CVE ID : CVE-2025-3670

Published : May 2, 2025, 3:15 a.m. | 4 hours, 5 minutes ago

Description : The KiwiChat NextClient plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4177 – Flynax Bridge – Unauthenticated User Deletion Vulnerability

Next Article CVE-2025-2880 – Yame Link In Bio WordPress Sensitive Information Exposure

IBM launches new integration to help unify AI security and governance

Meet Accessible UX Research, A Brand-New Smashing Book

Modernizing your approach to governance, risk and compliance

ScyllaDB X Cloud’s autoscaling capabilities meet the needs of unpredictable workloads in real time

RAIDOU Remastered: The Mystery of the Soulless Army Review (PC) – A well-done action-RPG remaster that makes me hopeful for more revivals of classic Atlus titles

With Windows 10 circling the drain, Windows 11 sees a long-overdue surge

This PC app boosts FPS in any game on any GPU for only $7 — and it just got a major update

Sam Altman claims Meta is trying to poach OpenAI staffers with $100 million bonuses, but “none of our best people have decided to take them up on that”

Why Inclusive Design Solutions Are important for Accessibility

Why Inclusive Design Solutions Are important for Accessibility

Microsoft Copilot for Power Platform

Integrate Coveo Atomic CLI-Based Hosted Search Page into Adobe Experience Manager (AEM)

RAIDOU Remastered: The Mystery of the Soulless Army Review (PC) – A well-done action-RPG remaster that makes me hopeful for more revivals of classic Atlus titles

RAIDOU Remastered: The Mystery of the Soulless Army Review (PC) – A well-done action-RPG remaster that makes me hopeful for more revivals of classic Atlus titles

With Windows 10 circling the drain, Windows 11 sees a long-overdue surge

This PC app boosts FPS in any game on any GPU for only $7 — and it just got a major update

CVE-2025-3670 – WordPress KiwiChat NextClient Stored Cross-Site Scripting

CISA Flags CVE-2023-0386 as Actively Exploited Linux Kernel Privilege Escalation Threat

Critical Auth Bypass Vulnerability (CVE-2025-51381) Found in KAON KCM3100 Gateways

CVE-2025-39486 – ValvePress Rankie SQL Injection

CVE-2025-29686 – OA System Cross-Site Scripting (XSS)

CVE-2025-32889 – goTenna Hardcoded Verification Token Vulnerability

Automate customer support with Amazon Bedrock, LangGraph, and Mistral models

Windows 11 23H2 Release Preview KB5058502 is here with new Copilot shortcuts and more

CVE-2025-43862 – Dify APP Orchestration Privilege Escalation Vulnerability

CVE-2025-47885 – CloudBees Jenkins Health Advisor XSS

KB5055625 tests Windows 11’s Show smaller taskbar buttons feature

CVE-2025-3670 – WordPress KiwiChat NextClient Stored Cross-Site Scripting

Related Posts