CVE-2025-5950 – IndieBlocks WordPress Stored Cross-Site Scripting Vulnerability

June 13, 2025

CVE ID : CVE-2025-5950

Published : June 13, 2025, 3:15 a.m. | 2 hours, 48 minutes ago

Description : The IndieBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘kind’ parameter in all versions up to, and including, 0.13.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5282 – WordPress WP Travel Engine Tour Booking Plugin Unauthenticated Post Deletion Vulnerability

Next Article CVE-2025-5939 – Telegram for WP WordPress Stored Cross-Site Scripting Vulnerability

Highlights

CVE-2025-32354 – Zimbra Collaboration CSRF Vulnerability

April 29, 2025

CVE ID : CVE-2025-32354

Published : April 29, 2025, 4:15 p.m. | 31 minutes ago

Description : In Zimbra Collaboration (ZCS) 9.0 through 10.1, a Cross-Site Request Forgery (CSRF) vulnerability exists in the GraphQL endpoint (/service/extension/graphql) of Zimbra webmail due to a lack of CSRF token validation. This allows attackers to perform unauthorized GraphQL operations, such as modifying contacts, changing account settings, and accessing sensitive user data when an authenticated user visits a malicious website.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

How To Prevent WordPress SQL Injection Attacks

This week in AI dev tools: Apple’s Foundations Model framework, Mistral’s first reasoning model, and more (June 13, 2025)

Open Talent platforms emerging to match skilled workers to needs, study finds

Java never goes out of style: Celebrating 30 years of the language

6 registry tweaks every tech-savvy user must apply on Windows 11

Here’s why network infrastructure is vital to maximizing your company’s AI adoption

The AI video tool behind the most viral social trends right now

Got a new password manager? How to clean up the password mess you left in the cloud

Right Invoicing App for iPhone: InvoiceTemple

Right Invoicing App for iPhone: InvoiceTemple

Tunnel Run game in 170 lines of pure JS

Integrating Drupal with Salesforce SSO via SAML and Dynamic User Sync

Windows 11 24H2 tests toggle to turn off Recommended feed in the Start menu

Windows 11 24H2 tests toggle to turn off Recommended feed in the Start menu

User calls Windows 11 “pure horror,” Microsoft says it’s listening to feedback

John the Ripper is an advanced offline password cracker

CVE-2025-5950 – IndieBlocks WordPress Stored Cross-Site Scripting Vulnerability

HPE Issues Security Patch for StoreOnce Bug Allowing Remote Authentication Bypass

Chaos RAT Malware Targets Windows and Linux via Fake Network Tool Downloads

CVE-2025-46567 – LLaMA Factory Deserialization Command Execution Vulnerability

CVE-2023-49904 – Apache HTTP Server Remote Code Execution

Apple’s bold idea for no-code apps built with Siri – hype or hope?

CVE-2025-49445 – WP Map Plugins Interactive UK Regional Map CSRF Vulnerability

CVE-2025-32354 – Zimbra Collaboration CSRF Vulnerability

Nmap 7.96 Launches with Lightning-Fast DNS and 612 Scripts

Git Interactive Rebase Tool – terminal-based sequence editor for interactive rebase

CVE-2025-3607 – WordPress Frontend Login and Registration Blocks Privilege Escalation Vulnerability

CVE-2025-5950 – IndieBlocks WordPress Stored Cross-Site Scripting Vulnerability

Related Posts