CVE-2025-3583 – WordPress Newsletter Stored Cross-Site Scripting Vulnerability

May 5, 2025

CVE ID : CVE-2025-3583

Published : May 5, 2025, 6:15 a.m. | 1 hour, 20 minutes ago

Description : The Newsletter WordPress plugin before 8.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4266 – PHPGurukul Notice Board System SQL Injection Vulnerability

Next Article CVE-2025-39363 – AlphaEfficiencyTeam Custom Login and Registration Stored Cross-site Scripting Vulnerability

Highlights

CVE-2025-6751 – Linksys E8450 HTTP POST Request Handler Buffer Overflow

June 27, 2025

CVE ID : CVE-2025-6751

Published : June 27, 2025, 4:15 a.m. | 1 hour, 29 minutes ago

Description : A vulnerability, which was classified as critical, was found in Linksys E8450 up to 1.2.00.360516. This affects the function set_device_language of the file portal.cgi of the component HTTP POST Request Handler. The manipulation of the argument dut_language leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

In-House vs. Outsource Node.js Development Teams: 9 Key Differences for the C-Suite (2025)

Why Non-Native Content Designers Improve Global UX

DevOps won’t scale without platform engineering and here’s why your teams are still stuck

This week in AI dev tools: Slack’s enterprise search, Claude Code’s analytics dashboard, and more (July 18, 2025)

DistroWatch Weekly, Issue 1131

I ditched my Bluetooth speakers for this slick turntable – and it’s more practical than I thought

This split keyboard offers deep customization – if you’re willing to go all in

I spoke with an AI version of myself, thanks to Hume’s free tool – how to try it

The details of TC39’s last meeting

The details of TC39’s last meeting

Simple wrapper for Chrome’s built-in local LLM (Gemini Nano)

Online Examination System using PHP and MySQL

Windows 11 tests “shared audio” to play music via multiple devices, new taskbar animations

Windows 11 tests “shared audio” to play music via multiple devices, new taskbar animations

WhatsApp for Windows 11 is switching back to Chromium web wrapper from UWP/native

DistroWatch Weekly, Issue 1131

CVE-2025-3583 – WordPress Newsletter Stored Cross-Site Scripting Vulnerability

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

CVE-2025-7753 – Code-projects Online Appointment Booking System SQL Injection Vulnerability

Valiantys Shares Expanded AI Capabilities for Empowering Next-Generation Software Development at Team 25

Using Ollama to Run LLMs Locally [FREE]

Microsoft extends Basic Authentication and makes changes to HVE in Microsoft 365

CVE-2025-6751 – Linksys E8450 HTTP POST Request Handler Buffer Overflow

A Quick Guide to Escaping PHP Data in WordPress

I tested JBL’s newest premium headphones – Bose and Sony should watch out

CVE-2025-4052 – Google Chrome DevTools Authorization Bypass

CVE-2025-3583 – WordPress Newsletter Stored Cross-Site Scripting Vulnerability

Related Posts