CVE-2025-2929 – “WordPress Order Delivery Date Reflected Cross-Site Scripting”

May 20, 2025

CVE ID : CVE-2025-2929

Published : May 20, 2025, 6:15 a.m. | 1 hour, 46 minutes ago

Description : The Order Delivery Date WordPress plugin before 12.4.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleMicrosoft apre il codice sorgente di WSL: una svolta storica!

Next Article CVE-2024-5878 – WordPress SimpleLightbox Stored Cross-Site Scripting Vulnerability

10 Top Node.js Development Companies for Enterprise-Scale Projects (2025-2026 Ranked & Reviewed)

12 Must-Know Cost Factors When Hiring Node.js Developers for Your Enterprise

Mirantis reveals Lens Prism, an AI copilot for operating Kubernetes clusters

Avoid these common platform engineering mistakes

Hideo Kojima’s “OD” is still in development with Xbox, at least for today

Microsoft is replacing salespeople with “solutions engineers” amid recent layoffs — promoting Copilot AI while ChatGPT dominates the enterprise sector

Microsoft’s extra year of Windows 10 security updates isn’t a “viable solution” for the 400 million PCs that can’t upgrade to Windows 11 — “It’s obvious users are frustrated and feel yanked around.”

OpenAI almost shipped ChatGPT with a different name — before a late-night twist

The dog days of JavaScript summer

The dog days of JavaScript summer

Databricks Lakebase – Database Branching in Action

Flutter + GitHub Copilot = Your New Superpower

Hideo Kojima’s “OD” is still in development with Xbox, at least for today

Hideo Kojima’s “OD” is still in development with Xbox, at least for today

Microsoft is replacing salespeople with “solutions engineers” amid recent layoffs — promoting Copilot AI while ChatGPT dominates the enterprise sector

Microsoft’s extra year of Windows 10 security updates isn’t a “viable solution” for the 400 million PCs that can’t upgrade to Windows 11 — “It’s obvious users are frustrated and feel yanked around.”

CVE-2025-2929 – “WordPress Order Delivery Date Reflected Cross-Site Scripting”

CVE-2023-50786 – Dradis HTTP Image Reference Vulnerability (Arbitrary Code Execution)

RondoDox: Sophisticated Botnet Exploits TBK DVRs & Four-Faith Routers for DDoS Attacks

CVE-2025-45525 – Microlight.js Null Pointer Dereference Vulnerability

CVE-2025-4043 – Apache Device Unprivileged File Write

One of Gemini’s coolest features is now open to all Android and iOS users – for free

CVE-2025-47584 – ThemeGoods Photography Deserialization of Untrusted Data Vulnerability

CVE-2025-4367 – WordPress Download Manager Stored Cross-Site Scripting Vulnerability

A New Citibank Report/Guide Shares How Agentic AI Will Reshape Finance with Autonomous Analysis and Intelligent Automation

CVE-2025-6756 – “Ultra Addons for Contact Form 7 Stored Cross-Site Scripting Vulnerability”

CVE-2025-34029 – Edimax EW-7438RPn Mini OS Command Injection

CVE-2025-2929 – “WordPress Order Delivery Date Reflected Cross-Site Scripting”

Related Posts