CVE-2025-4963 – “WordPress WP Extended Stored Cross-Site Scripting”

May 28, 2025

CVE ID : CVE-2025-4963

Published : May 28, 2025, 10:15 a.m. | 1 hour, 20 minutes ago

Description : The WP Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5295 – FreeFloat FTP Server Buffer Overflow Vulnerability

Next Article CVE-2025-1753 – LLama-Index OS Command Injection Vulnerability

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

Smashing Animations Part 4: Optimising SVGs

I test AI tools for a living. Here are 3 image generators I actually use and how

The world’s smallest 65W USB-C charger is my latest travel essential

This Spotlight alternative for Mac is my secret weapon for AI-powered search

Tech prophet Mary Meeker just dropped a massive report on AI trends – here’s your TL;DR

Beyond AEM: How Adobe Sensei Powers the Full Enterprise Experience

Beyond AEM: How Adobe Sensei Powers the Full Enterprise Experience

Simplify Negative Relation Queries with Laravel’s whereDoesntHaveRelation Methods

Cast Model Properties to a Uri Instance in 12.17

My Favorite Obsidian Plugins and Their Hidden Settings

My Favorite Obsidian Plugins and Their Hidden Settings

Rilasciata /e/OS 3.0: Nuova Vita per Android Senza Google, Più Privacy e Controllo per l’Utente

Rilasciata Oracle Linux 9.6: Scopri le Novità e i Miglioramenti nella Sicurezza e nelle Prestazioni

CVE-2025-4963 – “WordPress WP Extended Stored Cross-Site Scripting”

HPE StoreOnce Faces Critical CVE-2025-37093 Vulnerability — Urges Immediate Patch Upgrade

Google fixes Chrome zero-day with in-the-wild exploit (CVE-2025-5419)

direnv unclutters your .profile

NVIDIA to manufacture AI supercomputers in the U.S. for the first time

CISA Warns of Consilium Fire Panel Vulnerabilities Allowing Remote Takeover

Preparing for Salesforce Spring 25 Release Updates: Apex Updates

The Legal Accountability of AI-Generated Deepfakes in Election Misinformation

“Is my work killing kids?” This could be the email that led Microsoft to ban keywords like ‘Palestine’ and ‘Gaza’ from internal comms

Designing for Flow, Not Frustration: The Transformation of Arts Corporation Through Refined Animation

Strategic Partnerships in Biotech

CVE-2025-4963 – “WordPress WP Extended Stored Cross-Site Scripting”

Related Posts