CVE-2025-4955 – Tarteaucitron.io WordPress Stored Cross-site Scripting Vulnerability

June 18, 2025

CVE ID : CVE-2025-4955

Published : June 18, 2025, 6:15 a.m. | 15 minutes ago

Description : The tarteaucitron.io WordPress plugin before 1.9.5 uses query parameters from YouTube oEmbed URLs without sanitizing these parameters correctly, which could allow users with the contributor role and above to perform Stored Cross-site Scripting attacks.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCodeSOD: Stop Being So ####

Next Article CVE-2025-51381 – KCM3100 LAN Authentication Bypass Vulnerability

Highlights

CVE-2025-48061 – Wire Webapp Session Invalidation Weakness

May 22, 2025

CVE ID : CVE-2025-48061

Published : May 22, 2025, 5:15 p.m. | 1 hour, 36 minutes ago

Description : wire-webapp is the web application for the open-source messaging service Wire. A change caused a regression resulting in sessions not being properly invalidated. A user that logged out of the Wire webapp, could have been automatically logged in again after re-opening the application. This does not happen when the user is logged in as a temporary user by selecting “This is a public computer” during login or the user selects “Delete all your personal information and conversations on this device” upon logout. The underlying issue has been fixed with wire-webapp version 2025-05-20-production.0. As a workaround, this behavior can be prevented by either deleting all information upon logout as well as logging in as a temporary client.

Severity: 5.6 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

15 Essential Skills to Look for When Hiring Node.js Developers for Enterprise Projects (2025-2026)

African training program creates developers with cloud-native skills

React.js for SaaS Platforms: How Top Development Teams Help Startups Launch Faster

Upwork Freelancers vs Dedicated React.js Teams: What’s Better for Your Project in 2025?

LastPass can now warn or block logins to shadow SaaS apps – here’s how

Get up to a year of Adobe Creative Cloud access for 40% off

Got 6 hours? This free AI training from Google and Goodwill can boost your resume today

Why I recommend this budget phone with a paper-like screen over ‘minimalist’ devices

Laravel Boost, your AI coding starter kit

Laravel Boost, your AI coding starter kit

Using GitHub Copilot in VS Code

Optimizely Mission Control – Part I

Top 20 kubectl Commands Every Kubernetes Beginner Must Know

Top 20 kubectl Commands Every Kubernetes Beginner Must Know

Microsoft’s record stock run collides with Nadella’s admission that 15,000 layoffs still ‘hurt’

Microsoft and Adobe Power Up Fantasy Premier League Fans with AI – Here’s How

CVE-2025-4955 – Tarteaucitron.io WordPress Stored Cross-site Scripting Vulnerability

PlayPraetor Android Trojan Infects 11,000+ Devices via Fake Google Play Pages and Meta Ads

The Wild West of Shadow IT

12 Best Free and Open Source Text-Based Bookmark Managers

This AI Paper Introduces a Short KL+MSE Fine-Tuning Strategy: A Low-Cost Alternative to End-to-End Sparse Autoencoder Training for Interpretability

CISA Alert: Critical Flaws in Consilium Safety CS5000 Fire Panel Could Enable Remote Takeover, No Patch

If it works, it’s right

CVE-2025-48061 – Wire Webapp Session Invalidation Weakness

The best Linux VPNs of 2025: Expert tested and reviewed

How to Build a Testing Framework for E-Commerce Checkout and Payments

Microsoft’s New CLI Text Editor Works Great on Ubuntu

CVE-2025-4955 – Tarteaucitron.io WordPress Stored Cross-site Scripting Vulnerability

Related Posts