CVE-2025-5539 – WordPress WP Easy Contact Stored Cross-Site Scripting

June 4, 2025

CVE ID : CVE-2025-5539

Published : June 4, 2025, 5:15 a.m. | 2 hours, 18 minutes ago

Description : The Simple Contact Form Plugin for WordPress – WP Easy Contact plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ’emd_mb_meta’ shortcode in all versions up to, and including, 4.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5562 – PHPGurukul Curfew SQL Injection Vulnerability

Next Article CVE-2025-5561 – PHPGurukul Curfew e-Pass Management System SQL Injection Vulnerability

Highlights

CVE-2025-49794 – “Libxml2 Use-After-Free XPath Element Parsing Vulnerability”

June 16, 2025

CVE ID : CVE-2025-49794

Published : June 16, 2025, 4:15 p.m. | 2 hours, 6 minutes ago

Description : A use-after-free vulnerability was found in libxml2. This issue occurs when parsing XPath elements under certain circumstances when the XML schematron has the schema elements. This flaw allows a malicious actor to craft a malicious XML document used as input for libxml, resulting in the program’s crash using libxml or other possible undefined behaviors.

Severity: 9.1 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

BrowserStack launches Figma plugin for detecting accessibility issues in design phase

Parasoft brings agentic AI to service virtualization in latest release

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

Handling JavaScript Event Listeners With Parameters

I finally gave NotebookLM my full attention – and it really is a total game changer

Google Chrome for iOS now lets you switch between personal and work accounts

How the Trump administration changed AI: A timeline

Download your photos before AT&T shuts down its cloud storage service permanently

Laravel Live Denmark

Laravel Live Denmark

The July 2025 Laravel Worldwide Meetup is Today

Livewire Security Vulnerability

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

Halo and Half-Life combine in wild new mod, bringing two of my favorite games together in one — here’s how to play, and how it works

Surprise! The iconic Roblox ‘oof’ sound is back — the beloved meme makes “a comeback so good it hurts” after three years of licensing issues

CVE-2025-5539 – WordPress WP Easy Contact Stored Cross-Site Scripting

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access

Rilasciato Thunderbird 139: il client di posta elettronica libero si rinnova

CVE-2025-5323 – Fossasia Open-Event-Server Encryption Bypass Vulnerability

Distribution Release: Voyager Live 25.04

CVE-2025-47735 – Wgp Rust Lack of Drop Slow Thread Synchronization

CVE-2025-49794 – “Libxml2 Use-After-Free XPath Element Parsing Vulnerability”

Active Directory dMSA Privilege Escalation Attack Detailed by Researchers

Orange Pi R2S Single Board Computer Running Linux: Introduction

The 2025 Work Trend Index Annual Report: The Year the Frontier Firm Is Born

CVE-2025-5539 – WordPress WP Easy Contact Stored Cross-Site Scripting

Related Posts