CVE-2025-2892 – WordPress All in One SEO Plugin Stored Cross-Site Scripting Vulnerability

May 19, 2025

CVE ID : CVE-2025-2892

Published : May 19, 2025, 5:15 a.m. | 1 hour, 45 minutes ago

Description : The All in One SEO – Powerful SEO Plugin to Boost SEO Rankings & Increase Traffic plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the post Meta Description and Canonical URL parameters in all versions up to, and including, 4.8.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4911 – A vulnerability, which was classified as critical,

Next Article CVE-2025-4910 – PHPGurukul Zoo Management System SQL Injection Vulnerability

Highlights

CVE-2025-4147 – Netgear EX6200 Remote Buffer Overflow Vulnerability

May 1, 2025

CVE ID : CVE-2025-4147

Published : May 1, 2025, 2:15 a.m. | 1 hour, 38 minutes ago

Description : A vulnerability has been found in Netgear EX6200 1.0.3.94 and classified as critical. Affected by this vulnerability is the function sub_47F7C. The manipulation of the argument host leads to buffer overflow. The attack can be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

Sunshine And March Vibes (2025 Wallpapers Edition)

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

My latest hands-on could be the best value AI laptop of the summer, but I still have questions

DOOM: The Dark Ages had the lowest Steam launch numbers in series history — Is it suffering from the ‘Game Pass Effect’?

Microsoft won’t be left exposed if something “catastrophic” happens to OpenAI — but may still be 3 to 6 months behind ChatGPT

Microsoft Copilot gets OpenAI’s GPT-4o image generation support — but maybe a day late and a dollar short for the hype?

ES6: Set Vs Array- What and When?

ES6: Set Vs Array- What and When?

Transform JSON into Typed Collections with Laravel’s AsCollection::of()

Deployer

My latest hands-on could be the best value AI laptop of the summer, but I still have questions

My latest hands-on could be the best value AI laptop of the summer, but I still have questions

DOOM: The Dark Ages had the lowest Steam launch numbers in series history — Is it suffering from the ‘Game Pass Effect’?

Microsoft won’t be left exposed if something “catastrophic” happens to OpenAI — but may still be 3 to 6 months behind ChatGPT

CVE-2025-2892 – WordPress All in One SEO Plugin Stored Cross-Site Scripting Vulnerability

Nmap 7.96 Launches with Lightning-Fast DNS and 612 Scripts

CVE-2025-4915 – PHPGurukul Auto Taxi Stand Management System SQL Injection

How to Change Your Django Secret Key (Without Breaking Your App)

I’ve tested the Meta Ray-Bans for months, and these 5 features still amaze me

Creating a Launch Checklist

Payroll Processing Checklist

CVE-2025-4147 – Netgear EX6200 Remote Buffer Overflow Vulnerability

“If Ballmer was CEO, I’d be fired for this tweet.” Microsoft PM mocks Windows 11 with Katy Perry meme, praises macOS.

Vue Datasource is a Vue.js server side component to create tables

CMU Researchers Propose XEUS: A Cross-lingual Encoder for Universal Speech trained in 4000+ Languages

CVE-2025-2892 – WordPress All in One SEO Plugin Stored Cross-Site Scripting Vulnerability

Related Posts