CVE-2025-4367 – WordPress Download Manager Stored Cross-Site Scripting Vulnerability

June 19, 2025

CVE ID : CVE-2025-4367

Published : June 19, 2025, 4:15 a.m. | 51 minutes ago

Description : The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s wpdm_user_dashboard shortcode in all versions up to, and including, 3.3.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-50201 – WeGIA Web Manager OS Command Injection Vulnerability

Next Article CVE-2025-6201 – WooCommerce Pixel Manager Stored Cross-Site Scripting

Highlights

CVE-2025-5991 – Qt QtNetwork Use After Free Vulnerability

June 11, 2025

CVE ID : CVE-2025-5991

Published : June 11, 2025, 8:15 a.m. | 43 minutes ago

Description : There is a “Use After Free” vulnerability in Qt’s QHttp2ProtocolHandler in the QtNetwork module. This only affects HTTP/2 handling, HTTP handling is not affected by this at all. This happens due to a race condition between how QHttp2Stream uploads the body of a
POST request and the simultaneous handling of HTTP error responses.

This issue only affects Qt 6.9.0 and has been fixed for Qt 6.9.1.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Gemini 2.5 Pro and Flash are generally available and Gemini 2.5 Flash-Lite preview is announced

CSS Cascade Layers Vs. BEM Vs. Utility Classes: Specificity Control

IBM launches new integration to help unify AI security and governance

Meet Accessible UX Research, A Brand-New Smashing Book

How to free up your Mac’s storage space – 3 easy ways

I finally found a mini PC with a striking design (and the power to back it up)

The best password generators of 2025: Expert tested

Facebook’s new passkey support could soon let you ditch your password forever

eslint-plugin-mutate

eslint-plugin-mutate

Event-Driven Microservice Backend For a Modern E-commerce Platform.

Search Params Are State – How TanStack Router Solves It

You Can Now Auto-Generate Google Forms Using Gemini Using Prompts or Files – Here’s How

You Can Now Auto-Generate Google Forms Using Gemini Using Prompts or Files – Here’s How

Google Helps Devs Build Safe Android Apps with THIS Play Policy – Find Out More Here

Microsoft Edge for Business Now Lets Admins Push Encrypted Passwords to Users Securely

CVE-2025-4367 – WordPress Download Manager Stored Cross-Site Scripting Vulnerability

Massive Data Leak: Hacker Allegedly Selling 16 Billion Login Credentials from Major Tech Giants

Microsoft 365 Boosts Security: Legacy File Access Protocols RPS & FrontPage RPC Phased Out July 2025

UAC-0226 Deploys GIFTEDCROOK Stealer via Malicious Excel Files Targeting Ukraine

spatie/laravel-mailcoach-sdk

Want AI to work for your business? Then privacy needs to come first

Copilot will generate personalized podcasts for users

CVE-2025-5991 – Qt QtNetwork Use After Free Vulnerability

Avowed game director leaves Obsidian Entertainment for Netflix’s Night School Studio

CVE-2025-6191 – Google Chrome V8 Integer Overflow Vulnerability

Will using a VPN help protect you from malware or ransomware?

CVE-2025-4367 – WordPress Download Manager Stored Cross-Site Scripting Vulnerability

Related Posts