CVE-2025-6009 – kiCode111 like-girl SQL Injection Vulnerability

June 12, 2025

CVE ID : CVE-2025-6009

Published : June 12, 2025, 3:15 a.m. | 1 hour, 57 minutes ago

Description : A vulnerability was found in kiCode111 like-girl 5.2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/ipAddPost.php. The manipulation of the argument bz/ipdz leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 4.7 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-49821 – Dropbox Authentication Bypass

Next Article CVE-2025-49820 – Apache HTTP Server Cross-Site Request Forgery

Highlights

CVE-2025-5143 – TableOn – WordPress Posts Table Filterable Stored Cross-Site Scripting

June 21, 2025

CVE ID : CVE-2025-5143

Published : June 21, 2025, 7:15 a.m. | 3 hours, 33 minutes ago

Description : The TableOn – WordPress Posts Table Filterable plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s tableon_popup_iframe_button shortcode in all versions up to, and including, 1.0.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Upwork Freelancers vs Dedicated React.js Teams: What’s Better for Your Project in 2025?

Is Agile dead in the age of AI?

Top 15 Enterprise Use Cases That Justify Hiring Node.js Developers in 2025

The Core Model: Start FROM The Answer, Not WITH The Solution

Error’d: Monkey Business

Not just YouTube: Google is using AI to guess your age based on your activity – everywhere

Malicious extensions can use ChatGPT to steal your personal data – here’s how

What Zuckerberg’s ‘personal superintelligence’ sales pitch leaves out

Write Faster With WordPress’ Shortcodes

Write Faster With WordPress’ Shortcodes

Build, Run, and Integrate Your Own LLM with Ollama

How to install IoT platform — Total.js

When Flatpak’s Sandbox Cracks: Real‑Life Security Issues Beyond the Ideal

When Flatpak’s Sandbox Cracks: Real‑Life Security Issues Beyond the Ideal

mpd-mpris – MPRIS protocol for MPD

Rilasciata 4MLinux 49: Distribuzione GNU/Linux Leggera e Versatile

CVE-2025-6009 – kiCode111 like-girl SQL Injection Vulnerability

This month in security with Tony Anscombe – July 2025 edition

WordPress AI Engine Plugin Bug Allows Remote Code Execution – Update Now

AI is changing the rental car return experience – and it could cost you

CVE-2025-4905 – Apache iop-apl-uw Basestation3 Deserialization Vulnerability

South African man imprisoned after ransom demand against his former employer

Fix: Windows Calculator Not Showing USD in Currency Converter

CVE-2025-5143 – TableOn – WordPress Posts Table Filterable Stored Cross-Site Scripting

CVE-2025-45746 – ZKT ZKBio CVSecurity Hardcoded JWT Secret Authentication Bypass

CVE-2025-4135 – Netgear WG302v2 Command Injection Vulnerability

Iterator helpers have become Baseline Newly available

CVE-2025-6009 – kiCode111 like-girl SQL Injection Vulnerability

Related Posts