CVE-2025-5259 – WordPress Minimal Share Buttons Stored Cross-Site Scripting (XSS)

May 30, 2025

CVE ID : CVE-2025-5259

Published : May 30, 2025, 6:15 a.m. | 3 hours, 21 minutes ago

Description : The Minimal Share Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ parameter in all versions up to, and including, 1.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-41385 – “Wivia OS Command Injection Vulnerability”

Next Article CVE-2025-4659 – Salesforce WordPress Plugin Full Path Disclosure Vulnerability

Report: 71% of tech leaders won’t hire devs without AI skills

Slack’s AI search now works across an organization’s entire knowledge base

In-House vs Outsourcing for React.js Development: Understand What Is Best for Your Enterprise

Tiny Screens, Big Impact: The Forgotten Art Of Developing Web Apps For Feature Phones

Too many open browser tabs? This is still my favorite solution – and has been for years

This new browser won’t monetize your every move – how to try it

Pokémon has partnered with one of the biggest PC gaming brands again, and you can actually buy these accessories — but do you even want to?

AMD’s budget Ryzen AI 5 330 processor will introduce a wave of ultra-affordable Copilot+ PCs with its mobile 50 TOPS NPU

The details of TC39’s last meeting

The details of TC39’s last meeting

Notes Android App Using SQLite

How to Get Security Patches for Legacy Unsupported Node.js Versions

KeySmith – SSH key management

KeySmith – SSH key management

Pokémon has partnered with one of the biggest PC gaming brands again, and you can actually buy these accessories — but do you even want to?

AMD’s budget Ryzen AI 5 330 processor will introduce a wave of ultra-affordable Copilot+ PCs with its mobile 50 TOPS NPU

CVE-2025-5259 – WordPress Minimal Share Buttons Stored Cross-Site Scripting (XSS)

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

CVE-2025-6269 – HDF5 Heap-Based Buffer Overflow Vulnerability

CVE-2024-51099 – PHPGURUKUL Medical Card Generation System Reflected XSS

CVE-2025-25257 – Fortinet FortiWeb SQL Injection Vulnerability

CVE-2025-5525 – “Jrohy Trojan LogChan os Command Injection Vulnerability”

CVE-2025-32472 – HPE MultiScan and picoScan Slowloris Denial-of-Service Vulnerability

This ThinkPad is as durable as it is practical, and it’s my go-to for working remotely

30+ Best Canva Presentation Templates to Elevate Your Slides

Meta just gave its smart glasses a major AI power-up, and Apple is now racing to catch up.

CVE-2025-5259 – WordPress Minimal Share Buttons Stored Cross-Site Scripting (XSS)

Related Posts