CVE-2025-5235 – OpenSheetMusicDisplay for WordPress Stored Cross-Site Scripting

May 30, 2025

CVE ID : CVE-2025-5235

Published : May 30, 2025, 10:15 a.m. | 1 hour, 41 minutes ago

Description : The OpenSheetMusicDisplay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘className’ parameter in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-1763 – GitLab EE Cross-Site Scripting and Content Security Policy Bypass Vulnerability

Next Article CVE-2025-5142 – WordPress Simple Page Access Restriction CSRF Vulnerability

Highlights

CVE-2025-3893 – MegaBIP SQL Injection

May 23, 2025

CVE ID : CVE-2025-3893

Published : May 23, 2025, 11:15 a.m. | 1 hour, 24 minutes ago

Description : While editing pages managed by MegaBIP a user with high privileges is prompted to give a reasoning for performing this action. Input provided by the the user is not sanitized, leading to SQL Injection vulnerability.
Version 5.20 of MegaBIP fixes this issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

Smashing Animations Part 4: Optimising SVGs

I test AI tools for a living. Here are 3 image generators I actually use and how

The world’s smallest 65W USB-C charger is my latest travel essential

This Spotlight alternative for Mac is my secret weapon for AI-powered search

Tech prophet Mary Meeker just dropped a massive report on AI trends – here’s your TL;DR

Beyond AEM: How Adobe Sensei Powers the Full Enterprise Experience

Beyond AEM: How Adobe Sensei Powers the Full Enterprise Experience

Simplify Negative Relation Queries with Laravel’s whereDoesntHaveRelation Methods

Cast Model Properties to a Uri Instance in 12.17

My Favorite Obsidian Plugins and Their Hidden Settings

My Favorite Obsidian Plugins and Their Hidden Settings

Rilasciata /e/OS 3.0: Nuova Vita per Android Senza Google, Più Privacy e Controllo per l’Utente

Rilasciata Oracle Linux 9.6: Scopri le Novità e i Miglioramenti nella Sicurezza e nelle Prestazioni

CVE-2025-5235 – OpenSheetMusicDisplay for WordPress Stored Cross-Site Scripting

HPE StoreOnce Faces Critical CVE-2025-37093 Vulnerability — Urges Immediate Patch Upgrade

CISA Adds Qualcomm Vulnerabilities to KEV Catalog

Boost Your UX Skills with These Top Design Newsletters

Zelenskyy Signs Law Advancing Cybersecurity of Ukraine’s State Networks and Critical Infrastructure

CVE-2025-20674 – Aruba Wlan AP Driver Privilege Escalation Vulnerability

What is Retrieval Augmented Generation (RAG)?

CVE-2025-3893 – MegaBIP SQL Injection

7 must-know facts about the Legion Go S and Legion Go 2 gaming handhelds

CVE-2025-1329 – IBM CICS TX DNS Rebinding Vulnerability

Alternatives to popular CLI tools: cp

CVE-2025-5235 – OpenSheetMusicDisplay for WordPress Stored Cross-Site Scripting

Related Posts