CVE-2025-4594 – WordPress Tournamatch Stored Cross-Site Scripting Vulnerability

May 23, 2025

CVE ID : CVE-2025-4594

Published : May 23, 2025, 4:15 a.m. | 17 minutes ago

Description : The Tournamatch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘trn-ladder-registration-button’ shortcode in all versions up to, and including, 4.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleSSPlot is a simple plotting utility and numerical simulator

Next Article CVE-2025-48708 – Artifex Ghostscript Argument Injection Vulnerability

Anthropic proposes transparency framework for frontier AI development

Sonatype Open Source Malware Index, Gemini API Batch Mode, and more – Daily News Digest

15 Top Node.js Development Service Providers for Large Enterprises in 2026

Droip: The Modern Website Builder WordPress Needed

Blizzard announces release date for World of Warcraft: The War Within’s 3rd major content patch — a patch that will feature the largest, city-sized raid boss in MMORPG history

Microsoft recently raised the price of the Xbox Series S, but these retailers just dropped it back down again — close to the old price, but not for long

Microsoft’s new Surface Laptop 13-inch is now priced how I thought it should’ve always been — all thanks to this Prime Day deal that WON’T last forever

WWE 2K25 is getting a new story starring Bray Wyatt that will “get people emotional” — but not for PC or last-gen console players

Top PHP Projects for B.Tech Students: Learn Real Skills with PHPGurukul Projects

Top PHP Projects for B.Tech Students: Learn Real Skills with PHPGurukul Projects

Deno 2.4: deno bundle is back

From Silos to Synergy: Accelerating Your AI Journey

Blizzard announces release date for World of Warcraft: The War Within’s 3rd major content patch — a patch that will feature the largest, city-sized raid boss in MMORPG history

Blizzard announces release date for World of Warcraft: The War Within’s 3rd major content patch — a patch that will feature the largest, city-sized raid boss in MMORPG history

Microsoft recently raised the price of the Xbox Series S, but these retailers just dropped it back down again — close to the old price, but not for long

Microsoft’s new Surface Laptop 13-inch is now priced how I thought it should’ve always been — all thanks to this Prime Day deal that WON’T last forever

CVE-2025-4594 – WordPress Tournamatch Stored Cross-Site Scripting Vulnerability

MOVEit Transfer Faces Increased Threats as Scanning Surges and CVE Flaws Are Targeted

Over 1,000 SOHO Devices Hacked in China-linked LapDogs Cyber Espionage Campaign

Solution Highlight – Oracle Fusion Global SCM and Manufacturing – Part 2

Your DoorDash menu options may look more tempting soon, thanks to AI

My Cursor Rules for Laravel Projects

CVE-2025-37780 – Linux Kernel Isofs Fid Handle Bytes Vulnerability

This OnePlus Open bundle deal gets you a $300 smartwatch for free – how to qualify

CVE-2025-6430 – Firefox Object Injection Vulnerability

Forget AirTags: This KeySmart luggage lock makes location-tracking easy (and it’s TSA-compliant)

Are Subscriptions Trying to Trick You with Their Pricing?

CVE-2025-4594 – WordPress Tournamatch Stored Cross-Site Scripting Vulnerability

Related Posts