CVE-2025-4220 – Xavin’s List Subpages WordPress Stored Cross-Site Scripting Vulnerability

May 6, 2025

CVE ID : CVE-2025-4220

Published : May 7, 2025, 3:15 a.m. | 20 minutes ago

Description : The Xavin’s List Subpages plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘xls’ shortcode in all versions up to, and including, 1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4335 – “WordPress Woocommerce Multiple Addresses Privilege Escalation Vulnerability”

Next Article CVE-2025-4055 – WordPress Multiple Post Type Order Stored Cross-Site Scripting

Highlights

CVE-2025-4373 – GLib Integer Overflow Buffer Underwrite

May 6, 2025

CVE ID : CVE-2025-4373

Published : May 6, 2025, 3:16 p.m. | 19 minutes ago

Description : A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar() function. When the position at which to insert the character is large, the position will overflow, leading to a buffer underwrite.

Severity: 4.8 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

13 Best Free and Open Source Terminal-Based Podcast Tools

April 26, 2025

13 Best Free and Open Source Linux Video Converters

February 18, 2025

This intriguing, upcoming indie Soulslike/Metroidvania hybrid has received a new title just a few months away from releasing for Xbox and PC

January 31, 2025

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

This $4 Steam Deck game includes the most-played classics from my childhood — and it will save you paper

Microsoft shares rare look at radical Windows 11 Start menu designs it explored before settling on the least interesting one of the bunch

NVIDIA’s new GPU driver adds DOOM: The Dark Ages support and improves DLSS in Microsoft Flight Simulator 2024

How to install and use Ollama to run AI LLMs on your Windows 11 PC

Community News: Latest PECL Releases (05.13.2025)

Community News: Latest PECL Releases (05.13.2025)

How We Use Epic Branches. Without Breaking Our Flow.

I think the ergonomics of generators is growing on me.

This $4 Steam Deck game includes the most-played classics from my childhood — and it will save you paper

This $4 Steam Deck game includes the most-played classics from my childhood — and it will save you paper

Microsoft shares rare look at radical Windows 11 Start menu designs it explored before settling on the least interesting one of the bunch

NVIDIA’s new GPU driver adds DOOM: The Dark Ages support and improves DLSS in Microsoft Flight Simulator 2024

CVE-2025-4220 – Xavin’s List Subpages WordPress Stored Cross-Site Scripting Vulnerability

Nmap 7.96 Launches with Lightning-Fast DNS and 612 Scripts

CVE-2024-13940 – Ninja Forms Webhooks SSRF Vulnerability

If it works, it’s right

GitHub Copilot: The agent awakens

The best HP laptops: Expert tested

Upgrade your home audio with this JBL soundbar that’s still $150 off

CVE-2025-4373 – GLib Integer Overflow Buffer Underwrite

13 Best Free and Open Source Terminal-Based Podcast Tools

13 Best Free and Open Source Linux Video Converters

This intriguing, upcoming indie Soulslike/Metroidvania hybrid has received a new title just a few months away from releasing for Xbox and PC

CVE-2025-4220 – Xavin’s List Subpages WordPress Stored Cross-Site Scripting Vulnerability

Related Posts