CVE-2025-3862 – Contest Gallery WordPress Stored Cross-Site Scripting Vulnerability

May 8, 2025

CVE ID : CVE-2025-3862

Published : May 8, 2025, 12:15 p.m. | 3 hours, 22 minutes ago

Description : Contest Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 26.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4208 – NEX-Forms PHP Code Execution Vulnerability

Next Article CVE-2025-3506 – Checkmk Unauthenticated File Access Vulnerability

Highlights

CVE-2025-42963 – SAP NetWeaver Application Server for Java Java Object Deserialization Remote Code Execution Vulnerability

July 7, 2025

CVE ID : CVE-2025-42963

Published : July 8, 2025, 1:15 a.m. | 35 minutes ago

Description : A critical vulnerability in SAP NetWeaver Application server for Java Log Viewer enables authenticated administrator users to exploit unsafe Java object deserialization. Successful exploitation can lead to full operating system compromise, granting attackers complete control over the affected system. This results in a severe impact on the confidentiality, integrity, and availability of the application and host environment.

Severity: 9.1 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Error’d: You Talkin’ to Me?

The Psychology Of Trust In AI: A Guide To Measuring And Designing For User Confidence

This week in AI updates: OpenAI Codex updates, Claude integration in Xcode 26, and more (September 19, 2025)

Report: The major factors driving employee disengagement in 2025

DistroWatch Weekly, Issue 1140

Distribution Release: DietPi 9.17

Development Release: Zorin OS 18 Beta

Distribution Release: IPFire 2.29 Core 197

@ts-ignore is almost always the worst option

@ts-ignore is almost always the worst option

MutativeJS v1.3.0 is out with massive performance gains

Student Performance Prediction System using Python Machine Learning (ML)

DistroWatch Weekly, Issue 1140

DistroWatch Weekly, Issue 1140

Distribution Release: DietPi 9.17

Hyprland Made Easy: Preconfigured Beautiful Distros

CVE-2025-3862 – Contest Gallery WordPress Stored Cross-Site Scripting Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

Vgmi is a Gemini client written in C

Playbook: Transforming Your Cybersecurity Practice Into An MRR Machine

CVE-2024-22330 – IBM Security Verify Governance Weak Password Enforcement Vulnerability

Why Manual Data Entry Is Killing Estate Planning Productivity

CVE-2025-42963 – SAP NetWeaver Application Server for Java Java Object Deserialization Remote Code Execution Vulnerability

CVE-2025-49128 – Jackson-core Information Disclosure Vulnerability

CVE-2025-53867 – Island Lake WebBatch Remote Code Execution Vulnerability

CVE-2025-44022 – Vvveb CMS Remote Code Execution

CVE-2025-3862 – Contest Gallery WordPress Stored Cross-Site Scripting Vulnerability

Related Posts