CVE-2025-3888 – “Jupiter X Core Stored Cross-Site Scripting Vulnerability”

May 17, 2025

CVE ID : CVE-2025-3888

Published : May 17, 2025, 12:15 p.m. | 53 minutes ago

Description : The Jupiter X Core plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File inclusion in all versions up to, and including, 4.8.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the page with the included SVG file.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2024-13613 – Wise Chat WordPress Sensitive Information Exposure

Next Article CVE-2025-4826 – TOTOLINK A702R/A3002R/A3002RU HTTP POST Request Handler Buffer Overflow Vulnerability

Highlights

CVE-2025-5010 – MoonlightL Hexo-Boot Cross-Site Scripting Vulnerability

May 21, 2025

CVE ID : CVE-2025-5010

Published : May 21, 2025, 12:15 a.m. | 4 hours, 23 minutes ago

Description : A vulnerability classified as problematic has been found in moonlightL hexo-boot 4.3.0. This affects an unknown part of the file /admin/home/index.html of the component Blog Backend. The manipulation of the argument Description leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 2.4 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

10 Top Node.js Development Companies for Enterprise-Scale Projects (2025-2026 Ranked & Reviewed)

12 Must-Know Cost Factors When Hiring Node.js Developers for Your Enterprise

Mirantis reveals Lens Prism, an AI copilot for operating Kubernetes clusters

Avoid these common platform engineering mistakes

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Capcom reports that its Steam game sales have risen massively — despite flagship titles like Monster Hunter Wilds receiving profuse backlash from PC players

Cloudflare is fighting to safeguard “the future of the web itself” — standing directly in the way of leading AI firms

Microsoft reportedly lacks the know-how to fully leverage OpenAI’s tech — despite holding IP rights

Laravel in the First Half of 2025

Laravel in the First Half of 2025

PHP 8.5.0 Alpha 1 available for testing

Recording cross browser compatible media

GOnnect – easy to use VoIP client

GOnnect – easy to use VoIP client

Gnuinos – spin of Devuan Linux

5 Best Free and Open Source Backend Electronic Circuit Simulators

CVE-2025-3888 – “Jupiter X Core Stored Cross-Site Scripting Vulnerability”

CVE-2025-38221 – Linux Kernel ext4 Out-of-Bounds Punch Offset Vulnerability

CVE-2025-38222 – Linux ext4 Inline Data Overflow

CVE-2025-49252 – ThemBay Besa PHP Remote File Inclusion

CVE-2025-49794 – “Libxml2 Use-After-Free XPath Element Parsing Vulnerability”

CVE-2025-37889 – XEN PCI MSI NULL Pointer Dereference Vulnerability

CVE-2025-6930 – PHPGurukul Zoo Management System SQL Injection Vulnerability

CVE-2025-5010 – MoonlightL Hexo-Boot Cross-Site Scripting Vulnerability

Valve denies massive Steam leak; says systems “NOT breached”

CVE-2025-4915 – PHPGurukul Auto Taxi Stand Management System SQL Injection

Distribution Release: T2 SDE 25.4

CVE-2025-3888 – “Jupiter X Core Stored Cross-Site Scripting Vulnerability”

Related Posts