CVE-2025-4589 – WordPress Bon Toolkit Stored Cross-Site Scripting Vulnerability

May 15, 2025

CVE ID : CVE-2025-4589

Published : May 15, 2025, 4:16 a.m. | 39 minutes ago

Description : The Bon Toolkit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘bt-map’ shortcode in all versions up to, and including, 1.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4126 – WordPress EG-Series Plugin Stored Cross-Site Scripting Vulnerability

Next Article coturn is an implementation of TURN and STUN Server

Highlights

CVE-2025-4218 – Handrew BrowserPilot GPTSeleniumAgent Code Injection Vulnerability

May 2, 2025

CVE ID : CVE-2025-4218

Published : May 2, 2025, 9:15 p.m. | 2 hours, 15 minutes ago

Description : A vulnerability was found in handrew browserpilot up to 0.2.51. It has been declared as critical. Affected by this vulnerability is the function GPTSeleniumAgent of the file browserpilot/browserpilot/agents/gpt_selenium_agent.py. The manipulation of the argument instructions leads to code injection. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

How AI further empowers value stream management

12 Top ReactJS Development Companies in 2025

Not sure where to go with AI? Here’s your roadmap.

This week in AI dev tools: A2A donated to Linux Foundation, OpenAI adds Deep Research to API, and more (June 27, 2025)

Your Slack app is getting a big upgrade – here’s how to try the new AI features

5 Kindle accessories every user should have (and why they make such a big difference)

These premium outdoor speakers made me reconsider switching to Bluetooth audio – here’s why

Google just gave its Photos app the feature upgrade it deserves – here’s what’s new

How Code Feedback MCP Enhances AI-Generated Code Quality

How Code Feedback MCP Enhances AI-Generated Code Quality

PRSS Site Creator – Create Blogs and Websites from Your Desktop

Say hello to ECMAScript 2025

HopToDesk – remote desktop tool

HopToDesk – remote desktop tool

Le notizie minori del mondo GNU/Linux e dintorni della settimana nr 26/2025

Wayland vs X11: progresso necessario o strategia di marketing?

CVE-2025-4589 – WordPress Bon Toolkit Stored Cross-Site Scripting Vulnerability

CVE-2025-6866 – Simple Forum PathTraversal

CVE-2025-6868 – SourceCodester Simple Company Website SQL Injection Vulnerability

4Chan: destructive hoaxes and the Internet of Not Things

Over 1,000 SOHO Devices Hacked in China-linked LapDogs Cyber Espionage Campaign

CVE-2025-46217 – Apache HTTP Server Cross-Site Request Forgery

Why you need a data backup plan for your Mac or PC – before disaster strikes

CVE-2025-4218 – Handrew BrowserPilot GPTSeleniumAgent Code Injection Vulnerability

MuZero, AlphaZero, and AlphaDev: Optimizing computer systems

CVE-2025-32390 – EspoCRM HTML Injection Vulnerability

The Alters shattered my expectations of reality and questioned my life’s decisions

CVE-2025-4589 – WordPress Bon Toolkit Stored Cross-Site Scripting Vulnerability

Related Posts