CVE-2025-5303 – Freightview, Daylight, Day & Ross WordPress Plugins – Stored Cross-Site Scripting

June 7, 2025

CVE ID : CVE-2025-5303

Published : June 7, 2025, 9:15 a.m. | 1 hour, 30 minutes ago

Description : The LTL Freight Quotes – Freightview Edition, LTL Freight Quotes – Daylight Edition and LTL Freight Quotes – Day & Ross Edition plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the expiry_date parameter in all versions up to, and including, 1.0.11, 2.2.6 and 2.1.10 respectively, due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 7.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleX11Libre: Un Nuovo Inizio per il Server X?

Next Article CVE-2025-5399 – “Libcurl WebSocket DoS Vulnerability”

Highlights

CVE-2025-7803 – Descreekert wx-discuz Cross-Site Scripting Vulnerability

July 18, 2025

CVE ID : CVE-2025-7803

Published : July 18, 2025, 8:15 p.m. | 2 hours, 31 minutes ago

Description : A vulnerability was found in descreekert wx-discuz up to 12bd4745c63ec203cb32119bf77ead4a923bf277. It has been classified as problematic. This affects the function validToken of the file /wx.php. The manipulation of the argument echostr leads to cross site scripting. It is possible to initiate the attack remotely. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.

Severity: 3.5 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

BrowserStack launches Figma plugin for detecting accessibility issues in design phase

Parasoft brings agentic AI to service virtualization in latest release

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

Handling JavaScript Event Listeners With Parameters

I finally gave NotebookLM my full attention – and it really is a total game changer

Google Chrome for iOS now lets you switch between personal and work accounts

How the Trump administration changed AI: A timeline

Download your photos before AT&T shuts down its cloud storage service permanently

Laravel Live Denmark

Laravel Live Denmark

The July 2025 Laravel Worldwide Meetup is Today

Livewire Security Vulnerability

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

Halo and Half-Life combine in wild new mod, bringing two of my favorite games together in one — here’s how to play, and how it works

Surprise! The iconic Roblox ‘oof’ sound is back — the beloved meme makes “a comeback so good it hurts” after three years of licensing issues

CVE-2025-5303 – Freightview, Daylight, Day & Ross WordPress Plugins – Stored Cross-Site Scripting

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access

QuickPoint

OneDrive for Mac will soon give you more flexible storage options

Stretch Break Linux App Reminds You to Stop Pixel-Gawping

Vibe Coding: Game Changer or Catastrophe For App/Game Dev?

CVE-2025-7803 – Descreekert wx-discuz Cross-Site Scripting Vulnerability

CVE-2025-41444 – Zohocorp ManageEngine ADAudit Plus SQL Injection Vulnerability

CVE-2025-4549 – Campcodes Online Food Ordering System SQL Injection Vulnerability

Fiverr vs Upwork: Which is Better for Freelancers & Clients?

CVE-2025-5303 – Freightview, Daylight, Day & Ross WordPress Plugins – Stored Cross-Site Scripting

Related Posts