CVE-2025-5336 – WordPress Click to Chat Stored Cross-Site Scripting Vulnerability

June 14, 2025

CVE ID : CVE-2025-5336

Published : June 14, 2025, 9:15 a.m. | 4 hours, 56 minutes ago

Description : The Click to Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-no_number’ parameter in all versions up to, and including, 4.22 to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6061 – YouTube Video for WordPress Stored Cross-Site Scripting Vulnerability

Next Article CVE-2025-4216 – DIOT SCADA with MQTT WordPress Stored Cross-Site Scripting Vulnerability

Highlights

CVE-2025-3958 – Withstars Books-Management-System Cross-Site Scripting Vulnerability

April 27, 2025

CVE ID : CVE-2025-3958

Published : April 27, 2025, 4:15 a.m. | 4 hours ago

Description : A vulnerability was found in withstars Books-Management-System 1.0. It has been classified as problematic. Affected is an unknown function of the file /book_edit_do.html of the component Book Edit Page. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. This vulnerability only affects products that are no longer supported by the maintainer.

Severity: 3.5 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

How To Prevent WordPress SQL Injection Attacks

This week in AI dev tools: Apple’s Foundations Model framework, Mistral’s first reasoning model, and more (June 13, 2025)

Open Talent platforms emerging to match skilled workers to needs, study finds

Java never goes out of style: Celebrating 30 years of the language

DistroWatch Weekly, Issue 1126

It’s the year of Linux… at least for Denmark — here’s why the country’s government is dumping Windows and Office 365

Grounded 2’s best feature is happening because Obsidian left the Xbox One behind

6 registry tweaks every tech-savvy user must apply on Windows 11

Right Invoicing App for iPhone: InvoiceTemple

Right Invoicing App for iPhone: InvoiceTemple

Tunnel Run game in 170 lines of pure JS

Integrating Drupal with Salesforce SSO via SAML and Dynamic User Sync

Microsoft has a new tool to get you off Windows 10 and onto a Windows 11 PC

Microsoft has a new tool to get you off Windows 10 and onto a Windows 11 PC

DistroWatch Weekly, Issue 1126

Find ASCII Emoji Easily with this GNOME Shell Applet

CVE-2025-5336 – WordPress Click to Chat Stored Cross-Site Scripting Vulnerability

Critical Blink Router Flaws (CVSS 9.8) Allow Remote Root Code Execution via Unauthenticated Attacks

KIA Ecuador Keyless Entry Systems Vulnerability Exposes Thousands of Vehicles to Theft

CVE-2025-31926 – LambertGroup Sticky Radio Player SQL Injection Vulnerability

CVE-2025-47110 – Adobe Commerce Stored Cross-Site Scripting (XSS) Vulnerability

15+ Best Free Titles Templates for After Effects in 2025

Google just gave Gmail a major AI upgrade, and it solves a big problem for me

CVE-2025-3958 – Withstars Books-Management-System Cross-Site Scripting Vulnerability

CVE-2025-4727 – Meteor DDP-Server Regular Expression Complexity Remote Vulnerability

CVE-2025-4490 – Campcodes Online Food Ordering System SQL Injection Vulnerability

CVE-2025-20214 – Cisco IOS XE NACM Unauthorized Data Access Vulnerability

CVE-2025-5336 – WordPress Click to Chat Stored Cross-Site Scripting Vulnerability

Related Posts