CVE-2025-3919 – WordPress Comments Import & Export Plugin Unauthenticated Cross-Site Scripting (XSS) Vulnerability

June 2, 2025

CVE ID : CVE-2025-3919

Published : June 2, 2025, 11:15 p.m. | 2 hours, 21 minutes ago

Description : The WordPress Comments Import & Export plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_settings function in all versions up to, and including, 2.4.3. Additionally, the plugin fails to properly sanitize and escape FTP settings parameters.
This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts on the plugin settings page that will execute whenever an administrative user accesses an injected page.
The vulnerability was partially fixed in version 2.4.3 and fully fixed in version 2.4.4

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-49162 – Arris VIP1113 TFTP File Overwrite Vulnerability

Next Article Google Chrome 0-Day Vulnerability Exploited in the Wild to Execute Arbitrary Code

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

In MCP era API discoverability is now more important than ever

Google’s DeepMind CEO lists 2 AGI existential risks to society keeping him up at night — but claims “today’s AI systems” don’t warrant a pause on development

Anthropic researchers say next-generation AI models will reduce humans to “meat robots” in a spectrum of crazy futures

Xbox just quietly added two of the best RPGs of all time to Game Pass

7 reasons The Division 2 is a game you should be playing in 2025

Mastering TypeScript: How Complex Should Your Types Be?

Mastering TypeScript: How Complex Should Your Types Be?

IDMC – CDI Best Practices

PWC-IDMC Migration Gaps

Google’s DeepMind CEO lists 2 AGI existential risks to society keeping him up at night — but claims “today’s AI systems” don’t warrant a pause on development

Google’s DeepMind CEO lists 2 AGI existential risks to society keeping him up at night — but claims “today’s AI systems” don’t warrant a pause on development

Anthropic researchers say next-generation AI models will reduce humans to “meat robots” in a spectrum of crazy futures

Xbox just quietly added two of the best RPGs of all time to Game Pass

CVE-2025-3919 – WordPress Comments Import & Export Plugin Unauthenticated Cross-Site Scripting (XSS) Vulnerability

CVE-2025-48906 – DSoftBus Authentication Bypass Vulnerability

CVE-2025-48907 – Apache IPC Deserialization Vulnerability

easy-live2d – About Make your Live2D as easy to control as a pixi sprite! Live2D Web SDK based on Pixi.js.

How I turned the Starlink Mini into an almost perfect off-grid internet solution

Cloudflare announces remote MCP server to reduce barriers to creating AI agents

My favorite gaming earbuds now come in orange — but they’re missing one crucial thing that would make me grab another pair

How to Increase PC Speed

CVE-2025-5668 – PHPGurukul Medical Card Generation System SQL Injection Vulnerability

Ramona Web Designs

Generative AI Capabilities in Adobe Experience Manager

CVE-2025-3919 – WordPress Comments Import & Export Plugin Unauthenticated Cross-Site Scripting (XSS) Vulnerability

Related Posts