CVE-2025-4224 – WordPress wpForo Advanced Attachments Stored Cross-Site Scripting Vulnerability

June 3, 2025

CVE ID : CVE-2025-4224

Published : June 3, 2025, 3:15 a.m. | 4 hours, 12 minutes ago

Description : The wpForo + wpForo Advanced Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via media upload names in all versions up to, and including, 3.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Custom-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 7.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4797 – “Golo – City Travel Guide WordPress Theme Privilege Escalation via Account Takeover”

Next Article Splunk Enterprise XSS Vulnerability Let Attackers Execute Unauthorized JavaScript Code

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

In MCP era API discoverability is now more important than ever

Black Myth: Wukong is coming to Xbox exactly one year after launching on PlayStation

Reddit wants to sue Anthropic for stealing its data, but the Claude AI manufacturers vow to “defend ourselves vigorously”

Satya Nadella says Microsoft makes money every time you use ChatGPT: “Every day that ChatGPT succeeds is a fantastic day”

Multiple reports suggest a Persona 4 Remake from Atlus will be announced during the Xbox Games Showcase

TC39 advances numerous proposals at latest meeting

TC39 advances numerous proposals at latest meeting

TypeBridge – zero ceremony, compile time rpc for client and server com

Simplify Cloud-Native Development with Quarkus Extensions

Black Myth: Wukong is coming to Xbox exactly one year after launching on PlayStation

Black Myth: Wukong is coming to Xbox exactly one year after launching on PlayStation

Reddit wants to sue Anthropic for stealing its data, but the Claude AI manufacturers vow to “defend ourselves vigorously”

Satya Nadella says Microsoft makes money every time you use ChatGPT: “Every day that ChatGPT succeeds is a fantastic day”

CVE-2025-4224 – WordPress wpForo Advanced Attachments Stored Cross-Site Scripting Vulnerability

Leadership, Trust, and Cyber Hygiene: NCSC’s Guide to Security Culture in Action

Critical Fortinet flaws now exploited in Qilin ransomware attacks

I am trying to make a python bot to alarm me when an appointment in the goverments office is available but 403 Error

I got my hands on Lenovo’s new dual-screen OLED laptop — I can already see how the redesign makes it better than ever

Input Leap – KVM software

I rely on this Anker GAN charger when I travel and it’s on sale for $55 during Black Friday

New Zero-Day Flaw in Apache OFBiz ERP Allows Remote Code Execution

Ransomware Hits French Museums Amid Olympic Cyberattacks Surge

IBM introduces a mainframe for AI: The LinuxONE Emperor 5

How to use Apple Pay in stores and online (and why you should)

CVE-2025-4224 – WordPress wpForo Advanced Attachments Stored Cross-Site Scripting Vulnerability

Related Posts