CVE-2024-9544 – MapSVG WordPress Stored Cross-Site Scripting Vulnerability

May 22, 2025

CVE ID : CVE-2024-9544

Published : May 22, 2025, 10:15 a.m. | 1 hour, 52 minutes ago

Description : The MapSVG plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 8.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4280 – Poedit for MacOS Privilege Escalation Vulnerability

Next Article This AI Paper Introduces MathCoder-VL and FigCodifier: Advancing Multimodal Mathematical Reasoning with Vision-to-Code Alignment

Highlights

CVE-2025-32440 – NetAlertX Authentication Bypass Vulnerability

May 27, 2025

CVE ID : CVE-2025-32440

Published : May 27, 2025, 10:15 p.m. | 3 hours, 8 minutes ago

Description : NetAlertX is a network, presence scanner and alert framework. Prior to version 25.4.14, it is possible to bypass the authentication mechanism of NetAlertX to update settings without authentication. An attacker can trigger sensitive functions within util.php by sending crafted requests to /index.php. This issue has been patched in version 25.4.14.

Severity: 10.0 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Microsoft says “ChatGPT isn’t better than Copilot,” but OpenAI’s companion reportedly received more visits in a day than Copilot did in a month

April 11, 2025

Formatting Text in Logseq

April 11, 2025

Restic Robot – wrapper for Restic

April 17, 2025

The Double-Edged Sustainability Sword Of AI In Web Design

Top 12 Reasons Enterprises Choose Node.js Development Services for Scalable Growth

GitHub’s coding agent can now be launched from anywhere on platform using new Agents panel

Stop writing tests: Automate fully with Generative AI

I’m a diehard Pixel fan, but I’m not upgrading to the Pixel 10. Here’s why

Google Pixel Watch 4 vs. Samsung Galaxy Watch 8: I compared the two best Androids, and here’s the winner

Get a free Amazon gift card up to $300 when you preorder a new Google Pixel 10 phone – here’s how

Everything announced at Made by Google 2025: Pixel 10 Pro, Fold, Watch 4, and more

Copy Errors as Markdown to Share With AI in Laravel 12.25

Copy Errors as Markdown to Share With AI in Laravel 12.25

Deconstructing the Request Lifecycle in Sitecore Headless – Part 2: SSG and ISR Modes in Next.js

Susan Etlinger, AI Analyst and Industry Watcher on Building Trust

TerraMaster D1 SSD Plus Review: Experience a Faster External SSD

TerraMaster D1 SSD Plus Review: Experience a Faster External SSD

Microsoft is investigating Windows 11 KB5063878 SSD data corruption/failure issue

Microsoft Surface Won’t Turn On: 6 Tested Solutions to Fix

CVE-2024-9544 – MapSVG WordPress Stored Cross-Site Scripting Vulnerability

DOJ Charges 22-Year-Old for Running RapperBot Botnet Behind 370,000 DDoS Attacks

He Hacked McDonald’s for Free Nuggets — What He Found Was Far More Dangerous

Synology ABM Flaw (CVE-2025-4679) Leaks Global Client Secret, Exposing ALL Microsoft 365 Tenants

Hackers Exploited 17-year-old Vulnerability to Weaponize Word Documents

CVE-2025-6091 – H3C GR-3000AX Buffer Overflow Vulnerability

Distribution Release: Exton Linux 250707 “DebEX”

CVE-2025-32440 – NetAlertX Authentication Bypass Vulnerability

Microsoft says “ChatGPT isn’t better than Copilot,” but OpenAI’s companion reportedly received more visits in a day than Copilot did in a month

Formatting Text in Logseq

Restic Robot – wrapper for Restic

CVE-2024-9544 – MapSVG WordPress Stored Cross-Site Scripting Vulnerability

Related Posts