CVE-2025-0853 – WordPress PGS Core Plugin SQL Injection Vulnerability

May 6, 2025

CVE ID : CVE-2025-0853

Published : May 6, 2025, 10:15 p.m. | 1 hour, 42 minutes ago

Description : The PGS Core plugin for WordPress is vulnerable to SQL Injection via the ‘event’ parameter in the ‘save_header_builder’ function in all versions up to, and including, 5.8.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-47420 – Crestron Automate VX Privilege Escalation Vulnerability

Next Article CVE-2025-47419 – Crestron Automate VX Insecure Communication Vulnerability

Highlights

CVE-2025-5426 – Juzaweb CMS Menu Page Remote Access Control Vulnerability

June 2, 2025

CVE ID : CVE-2025-5426

Published : June 2, 2025, 3:15 a.m. | 4 hours, 6 minutes ago

Description : A vulnerability was found in juzaweb CMS up to 3.4.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin-cp/menus of the component Menu Page. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Agent Mode for Gemini added to Android Studio

Google’s Agent2Agent protocol finds new home at the Linux Foundation

Decoding The SVG path Element: Curve And Arc Commands

This week in AI dev tools: Gemini 2.5 Pro and Flash GA, GitHub Copilot Spaces, and more (June 20, 2025)

Microsoft is reportedly planning yet more major cuts at Xbox — as early as next week

Microsoft makes Windows 10 security updates FREE for an extra year — but there’s a catch, and you might not like it

“Deus Ex” just turned 25 years old and it’s still the best PC game of all time — you only need $2 to play it on practically anything

Where to buy a Meta Quest 3S Xbox Edition — and why it’s a better bargain than the “normal” Meta Quest 3S

Vite 7.0 Is Out

Vite 7.0 Is Out

Exploring JavaScript ES2025 Edition

Mastering Mixed DML Operations in Apex

Microsoft is reportedly planning yet more major cuts at Xbox — as early as next week

Microsoft is reportedly planning yet more major cuts at Xbox — as early as next week

Microsoft makes Windows 10 security updates FREE for an extra year — but there’s a catch, and you might not like it

“Deus Ex” just turned 25 years old and it’s still the best PC game of all time — you only need $2 to play it on practically anything

CVE-2025-0853 – WordPress PGS Core Plugin SQL Injection Vulnerability

Critical Kaleris Navis N4 Flaw (CVE-2025-2566, CVSS 9.8): Supply Chain Infrastructure at Risk!

TeamViewer for Windows Vulnerability Let Attackers Delete Files Using SYSTEM Privileges

FloQast builds an AI-powered accounting transformation solution with Anthropic’s Claude 3 on Amazon Bedrock

CVE-2025-48873 – Apache Web Framework Remote Code Execution Vulnerability

New Linux Flaws Allow Password Hash Theft via Core Dumps in Ubuntu, RHEL, Fedora

Customize Amazon Nova models to improve tool usage

CVE-2025-5426 – Juzaweb CMS Menu Page Remote Access Control Vulnerability

CVE-2025-6547 – Apache PBKDF2 Signature Spoofing Vulnerability

Microsoft Edge’s Quiet Shift to AVIF: Why It Matters

North Korean Hackers Deploy BeaverTail Malware via 11 Malicious npm Packages

CVE-2025-0853 – WordPress PGS Core Plugin SQL Injection Vulnerability

Related Posts