CVE-2025-2929 – “WordPress Order Delivery Date Reflected Cross-Site Scripting”

May 20, 2025

CVE ID : CVE-2025-2929

Published : May 20, 2025, 6:15 a.m. | 1 hour, 46 minutes ago

Description : The Order Delivery Date WordPress plugin before 12.4.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleMicrosoft apre il codice sorgente di WSL: una svolta storica!

Next Article CVE-2024-5878 – WordPress SimpleLightbox Stored Cross-Site Scripting Vulnerability

Stop writing tests: Automate fully with Generative AI

Opsera’s Codeglide.ai lets developers easily turn legacy APIs into MCP servers

Black Duck Security GitHub App, NuGet MCP Server preview, and more – Daily News Digest

10 Ways Node.js Development Boosts AI & Real-Time Data (2025-2026 Edition)

This new Coros watch has 3 weeks of battery life and tracks way more – even fly fishing

5 ways automation can speed up your daily workflow – and implementation is easy

This new C-suite role is more important than ever in the AI era – here’s why

iPhone users may finally be able to send encrypted texts to Android friends with iOS 26

Creating Dynamic Real-Time Features with Laravel Broadcasting

Creating Dynamic Real-Time Features with Laravel Broadcasting

Understanding Tailwind CSS Safelist: Keep Your Dynamic Classes Safe!

Sitecore’s Content SDK: Everything You Need to Know

Why GNOME Replaced Eye of GNOME with Loupe as the Default Image Viewer

Why GNOME Replaced Eye of GNOME with Loupe as the Default Image Viewer

Microsoft admits it broke “Reset this PC” in Windows 11 23H2 KB5063875, Windows 10 KB5063709

How to Fix “EA AntiCheat Has Detected an Incompatible Driver” on Windows 11?

CVE-2025-2929 – “WordPress Order Delivery Date Reflected Cross-Site Scripting”

Investors beware: AI-powered financial scams swamp social media

PyPI Blocks 1,800 Expired-Domain Emails to Prevent Account Takeovers and Supply Chain Attacks

CVE-2025-4839 – Itwanger Paicoding Cross-Domain Policy Vulnerability

Rilasciata Alpine Linux 3.22: Un aggiornamento con alcune novità

Lenovo Vantage Vulnerabilities Allow Attackers to Escalate Privileges as SYSTEM User

Six Principles for Production AI Agents

CVE-2025-52080 – Netgear XR300 HTTPD Service Stack-Based Buffer Overflow

Netflix Tudum Architecture: from CQRS with Kafka to CQRS with RAW Hollow

Rilasciato Trinity Desktop Environment R14.1.4: Novità e approfondimenti sulla nuova versione

OpenNumismat is coin collecting software

CVE-2025-2929 – “WordPress Order Delivery Date Reflected Cross-Site Scripting”

Related Posts