CVE-2025-3584 – WordPress Newsletter Stored Cross-Site Scripting Vulnerability

June 3, 2025

CVE ID : CVE-2025-3584

Published : June 3, 2025, 6:15 a.m. | 1 hour, 12 minutes ago

Description : The Newsletter WordPress plugin before 8.8.2 does not sanitise and escape some of its Subscription settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleNST is a bootable ISO live USB flash drive

Next Article CVE-2025-3662 – FancyBox for WordPress Unauthenticated Stored XSS

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

In MCP era API discoverability is now more important than ever

Black Myth: Wukong is coming to Xbox exactly one year after launching on PlayStation

Reddit wants to sue Anthropic for stealing its data, but the Claude AI manufacturers vow to “defend ourselves vigorously”

Satya Nadella says Microsoft makes money every time you use ChatGPT: “Every day that ChatGPT succeeds is a fantastic day”

Multiple reports suggest a Persona 4 Remake from Atlus will be announced during the Xbox Games Showcase

TC39 advances numerous proposals at latest meeting

TC39 advances numerous proposals at latest meeting

TypeBridge – zero ceremony, compile time rpc for client and server com

Simplify Cloud-Native Development with Quarkus Extensions

Black Myth: Wukong is coming to Xbox exactly one year after launching on PlayStation

Black Myth: Wukong is coming to Xbox exactly one year after launching on PlayStation

Reddit wants to sue Anthropic for stealing its data, but the Claude AI manufacturers vow to “defend ourselves vigorously”

Satya Nadella says Microsoft makes money every time you use ChatGPT: “Every day that ChatGPT succeeds is a fantastic day”

CVE-2025-3584 – WordPress Newsletter Stored Cross-Site Scripting Vulnerability

Leadership, Trust, and Cyber Hygiene: NCSC’s Guide to Security Culture in Action

CVE-2025-5799 – Tenda AC8 Stack-Based Buffer Overflow Vulnerability

CVE-2025-48695 – CyberDAVA Privilege Escalation Vulnerability

Warhammer 40,000: Rogue Trader, winner of Windows Central’s 2024 Editor’s Choice Award, has sold over 1 million copies

Strengthening Security: Bug Bounty and GitHub Secret Scanning

CVE-2025-47285 – Vyper Ethereum Virtual Machine Side-Effect Evaluation Vulnerability

Will an overreliance on Copilot and ChatGPT make you dumb? A new Microsoft study says AI ‘atrophies’ critical thinking: “I already feel like I have lost some brain cells.”

CVE-2025-35995 – BIG-IP PEM Denial of Service Vulnerability

Validate URLs Effectively with Laravel’s Str::isUrl Method

New “DoubleClickjacking” Exploit Bypasses Clickjacking Protections on Major Websites

CVE-2025-3584 – WordPress Newsletter Stored Cross-Site Scripting Vulnerability

Related Posts