CVE-2025-4392 – WordPress Shared Files Frontend Stored Cross-Site Scripting

June 3, 2025

CVE ID : CVE-2025-4392

Published : June 3, 2025, 10:15 a.m. | 1 hour, 13 minutes ago

Description : The Shared Files – Frontend File Upload Form & Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via html File uploads in all versions up to, and including, 1.7.48 due to insufficient input sanitization and output escaping within the sanitize_file() function. This makes it possible for unauthenticated attackers to bypass the plugin’s MIME-only checks and inject arbitrary web scripts in pages that will execute whenever a user accesses the html file.

Severity: 7.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleOpenMamba: Una Distribuzione GNU/Linux Italiana Indipendente

Next Article CVE-2024-54189 – Parallels Desktop for Mac Root Privilege Escalation

Highlights

CVE-2025-5759 – PHPGurukul Local Services Search Engine Management System SQL Injection Vulnerability

June 6, 2025

CVE ID : CVE-2025-5759

Published : June 6, 2025, 11:15 a.m. | 34 minutes ago

Description : A vulnerability classified as critical was found in PHPGurukul Local Services Search Engine Management System 2.1. This vulnerability affects unknown code of the file /admin/edit-person-detail.php?editid=2. The manipulation of the argument editid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Tenable updates Vulnerability Priority Rating scoring method to flag fewer vulnerabilities as critical

Google adds updated workspace templates in Firebase Studio that leverage new Agent mode

AI and its impact on the developer experience, or ‘where is the joy?’

Google launches OSS Rebuild tool to improve trust in open source packages

EcoFlow’s new portable battery stations are lighter and more powerful (DC plug included)

7 ways Linux can save you money

My favorite Kindle tablet just got a kids model, and it makes so much sense

You can turn your Google Photos into video clips now – here’s how

Blade Service Injection: Direct Service Access in Laravel Templates

Blade Service Injection: Direct Service Access in Laravel Templates

This Week in Laravel: NativePHP Mobile and AI Guidelines from Spatie

Retrieve the Currently Executing Closure in PHP 8.5

FOSS Weekly #25.30: AUR Poisoned, Linux Rising, PPA Explained, New Open Source Grammar Checker and More

FOSS Weekly #25.30: AUR Poisoned, Linux Rising, PPA Explained, New Open Source Grammar Checker and More

How to Open Control Panel in Windows 11

How to Shut Down Windows 11

CVE-2025-4392 – WordPress Shared Files Frontend Stored Cross-Site Scripting

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

Hackers Deploy Stealth Backdoor in WordPress Mu-Plugins to Maintain Admin Access

1KB JavaScript Demoscene Challenge Just Launched

CVE-2025-54059 – Melange SBOM Generation Permissions Vulnerability

The impact of gray work on software development

SpeakStream: Streaming Text-to-Speech with Interleaved Data

CVE-2025-5759 – PHPGurukul Local Services Search Engine Management System SQL Injection Vulnerability

Influential Mainframers Trivia

Adobe GenStudio for Performance Marketing for Beginners

Windows 11 Clean Installs Now Include Fully Updated Apps Out of the Box

CVE-2025-4392 – WordPress Shared Files Frontend Stored Cross-Site Scripting

Related Posts