CVE-2025-3862 – Contest Gallery WordPress Stored Cross-Site Scripting Vulnerability

May 8, 2025

CVE ID : CVE-2025-3862

Published : May 8, 2025, 12:15 p.m. | 3 hours, 22 minutes ago

Description : Contest Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 26.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4208 – NEX-Forms PHP Code Execution Vulnerability

Next Article CVE-2025-3506 – Checkmk Unauthenticated File Access Vulnerability

Highlights

CVE-2025-4606 – Sala – Startup & SaaS WordPress Theme Privilege Escalation Vulnerability

July 9, 2025

CVE ID : CVE-2025-4606

Published : July 9, 2025, 4:16 a.m. | 2 hours, 8 minutes ago

Description : The Sala – Startup & SaaS WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.1.4. This is due to the theme not properly validating a user’s identity prior to updating their details like password. This makes it possible for unauthenticated attackers to change arbitrary user’s passwords, including administrators, and leverage that to gain access to their account.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Elastic simplifies log analytics for SREs and developers with launch of Log Essentials

OpenAI launches GPT-5

Melissa brings its data quality solutions to Azure with new SSIS integration

Automating Design Systems: Tips And Resources For Getting Started

This $180 mini projector has no business being this good for the price

GPT-5 is finally here, and you can access it for free today – no subscription needed

Changing this Android setting instantly doubled my phone speed (Samsung and Google models included)

ChatGPT can now talk nerdy to you – plus more personalities and other upgrades beyond GPT-5

Advanced Application Architecture through Laravel’s Service Container Management

Advanced Application Architecture through Laravel’s Service Container Management

Switch Between Personas in Laravel With the MultiPersona Package

AI-Driven Smart Tagging and Metadata in AEM Assets

Bill Gates on AI’s Impact: ‘Be Curious, Read, and Use the Latest Tools’

Bill Gates on AI’s Impact: ‘Be Curious, Read, and Use the Latest Tools’

Halo Infinite’s Fall Update: New Features and Modes to Revive the Game?

Forza Motorsport’s Future in Jeopardy: Fans Demand Clarity from Microsoft

CVE-2025-3862 – Contest Gallery WordPress Stored Cross-Site Scripting Vulnerability

Microsoft to Pull Plug on Shared EWS Access in Hybrid Exchange by October

Google Confirms Salesforce Database Breach by ShinyHunters Group

Linux Privilege Escalation (CVE-2025-6019): Root Access Via udisksd & libblockdev, PoC Available

Is Microsoft killing physical Xbox games? Between The Outer Worlds 2 and Gears of War: Reloaded, I’m worried

My favorite headphones for watching movies are at their lowest price for Prime Day

IT Expense Reimbursement Policy

CVE-2025-4606 – Sala – Startup & SaaS WordPress Theme Privilege Escalation Vulnerability

CVE-2025-48944 – vLLM Unvalidated Input Crash Vulnerability

All Pixel Watch 3s are on sale at Best Buy – save $70 on the LTE model

I’ve been seeing the future through the best AR glasses yet — and there’s a whole lot of XREAL there

CVE-2025-3862 – Contest Gallery WordPress Stored Cross-Site Scripting Vulnerability

Related Posts