CVE-2025-4652 – Broadstreet WordPress Reflected Cross-Site Scripting Vulnerability

June 9, 2025

CVE ID : CVE-2025-4652

Published : June 9, 2025, 6:15 a.m. | 3 hours, 23 minutes ago

Description : The Broadstreet WordPress plugin before 1.51.8 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3581 – “Newsletter WordPress Plugin Stored Cross-Site Scripting Vulnerability”

Next Article CVE-2025-47712 – “nbdkit Blocksize Filter Denial of Service Vulnerability”

Highlights

CVE-2025-7132 – Campcodes Payroll Management System SQL Injection Vulnerability

July 7, 2025

CVE ID : CVE-2025-7132

Published : July 7, 2025, 3:15 p.m. | 2 hours, 8 minutes ago

Description : A vulnerability was found in Campcodes Payroll Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /ajax.php?action=save_payroll. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Value-Driven AI Roadmap

This week in AI updates: Mistral’s new Le Chat features, ChatGPT updates, and more (September 5, 2025)

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

‘Job Hugging’ Trend Emerges as Workers Confront AI Uncertainty

Distribution Release: MocaccinoOS 25.09

Composition in CSS

DataCrunch raises €55M to boost EU AI sovereignty with green cloud infrastructure

Finally, safe array methods in JavaScript

Finally, safe array methods in JavaScript

Perficient Interviewed for Forrester Report on AI’s Transformative Role in DXPs

Perficient’s “What If? So What?” Podcast Wins Gold Stevie® Award for Technology Podcast

Distribution Release: MocaccinoOS 25.09

Distribution Release: MocaccinoOS 25.09

Speed Isn’t Everything When Buying SSDs – Here’s What Really Matters!

14 Themes for Beautifying Your Ghostty Terminal

CVE-2025-4652 – Broadstreet WordPress Reflected Cross-Site Scripting Vulnerability

Qantas Airways Slashes CEO Bonus After Cyberattack Exposes 5.7 Million Customers

UAE Cyber Security Council Flags 70% Smart Home Devices as Vulnerable

The Minecraft Movie reviews are rolling in and it’s not looking good — “You will want to block your memory.”

Windows 11 version 25H2: Everything you need to know about Microsoft’s next OS release

Beyond The Hype: What AI Can Really Do For Product Design

Speedtest tests your internet speed

CVE-2025-7132 – Campcodes Payroll Management System SQL Injection Vulnerability

Cisco Issues Urgent Patch for Critical Unified CM Vulnerability (CVE-2025-20309)

CVE-2025-5161 – H3C SecCenter SMP-E1114P Remote Path Traversal Vulnerability

Microsoft 365 Copilot can now repurpose your Content

CVE-2025-4652 – Broadstreet WordPress Reflected Cross-Site Scripting Vulnerability

Related Posts