CVE-2025-5528 – WordPress Sassy Social Share Reflected Cross-Site Scripting Vulnerability

June 7, 2025

CVE ID : CVE-2025-5528

Published : June 7, 2025, 12:15 p.m. | 3 hours, 15 minutes ago

Description : The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the heateor_mastodon_share parameter in all versions up to, and including, 3.3.75 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action, such as clicking on a link.

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-49619 – Skyvern Jinja Runtime Leak

Next Article CVE-2025-5568 – WordPress WpEvently Stored Cross-Site Scripting

Highlights

CVE-2025-4660 – “SecureConnector Windows Agent Named Pipe Remote Code Execution Vulnerability”

May 13, 2025

CVE ID : CVE-2025-4660

Published : May 13, 2025, 6:15 p.m. | 49 minutes ago

Description : A remote code execution vulnerability exists in the Windows agent component of SecureConnector due to improper access controls on a named pipe. The pipe is accessible to the Everyone group and does not restrict remote connections, allowing any network-based attacker to connect without authentication. By interacting with this pipe, an attacker can redirect the agent to communicate with a rogue server that can issue commands via the SecureConnector Agent.

This does not impact Linux or OSX Secure Connector.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Value-Driven AI Roadmap

This week in AI updates: Mistral’s new Le Chat features, ChatGPT updates, and more (September 5, 2025)

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

‘Job Hugging’ Trend Emerges as Workers Confront AI Uncertainty

Distribution Release: MocaccinoOS 25.09

Composition in CSS

DataCrunch raises €55M to boost EU AI sovereignty with green cloud infrastructure

Finally, safe array methods in JavaScript

Finally, safe array methods in JavaScript

Perficient Interviewed for Forrester Report on AI’s Transformative Role in DXPs

Perficient’s “What If? So What?” Podcast Wins Gold Stevie® Award for Technology Podcast

Distribution Release: MocaccinoOS 25.09

Distribution Release: MocaccinoOS 25.09

Speed Isn’t Everything When Buying SSDs – Here’s What Really Matters!

14 Themes for Beautifying Your Ghostty Terminal

CVE-2025-5528 – WordPress Sassy Social Share Reflected Cross-Site Scripting Vulnerability

Qantas Airways Slashes CEO Bonus After Cyberattack Exposes 5.7 Million Customers

UAE Cyber Security Council Flags 70% Smart Home Devices as Vulnerable

Windows 11 adds an AI agent to help you manage settings — Here’s what it is and how it works

CVE-2025-3815 – WordPress SurveyJS Stored Cross-Site Scripting

OneDrive for Web will be enhanced with PDF compression

CVE-2025-6100 – Realguoshuai Open-Video-CMS SQL Injection Vulnerability

CVE-2025-4660 – “SecureConnector Windows Agent Named Pipe Remote Code Execution Vulnerability”

Microsoft and Databricks extend partnership to boost AI innovation on Azure

Your Wemo smart devices are about to get dumb as Belkin pulls the plug

CVE-2025-5064 – Google Chrome Background Fetch API Cross-Origin Data Leak Vulnerability

CVE-2025-5528 – WordPress Sassy Social Share Reflected Cross-Site Scripting Vulnerability

Related Posts