CVE-2025-5524 – OceanWP WordPress Stored Cross-Site Scripting Vulnerability

June 19, 2025

CVE ID : CVE-2025-5524

Published : June 19, 2025, 5:15 a.m. | 17 minutes ago

Description : The OceanWP theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Select HTML tag in all versions up to, and including, 4.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 4.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-50182 – “urllib3 Browser Redirect Handling Vulnerability”

Next Article Intel Prepares Massive Layoffs: Up to 20% of Foundry Division Workforce Cut Starting July 2025

Gemini 2.5 Pro and Flash are generally available and Gemini 2.5 Flash-Lite preview is announced

CSS Cascade Layers Vs. BEM Vs. Utility Classes: Specificity Control

IBM launches new integration to help unify AI security and governance

Meet Accessible UX Research, A Brand-New Smashing Book

I’ve tested dozens of robot vacuums. These are the three I recommend most to family and friends

These apps are quietly draining your phone battery – how to find and shut them down

184 million passwords for Google, Microsoft, Facebook, and more leaked in massive data breach

I tested the world’s thinnest SSD enclosure – here’s why it’s the perfect PC accessory for me

Importance of Performance Adaptation in Frontend Development

Importance of Performance Adaptation in Frontend Development

Proactive, Not Reactive – The Key to Inclusive and Accessible Design

Reset Rate Limits Dynamically with Laravel’s clear Method

Stage – Git GUI client for Linux desktops

Stage – Git GUI client for Linux desktops

Edit: L’editor di testo a riga di comando di Microsoft anche per GNU/Linux

Splitcat – split and merge files

CVE-2025-5524 – OceanWP WordPress Stored Cross-Site Scripting Vulnerability

CVE-2025-49763: Apache Traffic Server Vulnerability Enables Memory Exhaustion Attacks

TCC Bypass vulnerabilities in two macOS applications

I changed 7 Samsung phone settings to dramatically improve the battery life

Reasoning Models Know When They’re Right: NYU Researchers Introduce a Hidden-State Probe That Enables Efficient Self-Verification and Reduces Token Usage by 24%

Learn Kubernetes – Full Handbook for Developers, Startups, and Businesses

CVE-2025-3975 – ScriptAndTools eCommerce-website-in-PHP Information Disclosure Vulnerability

CVE-2025-47757 – Adobe VSFT Out-of-Bounds Read Vulnerability

I played Capcom’s Pragmata, and it’s not what you expect

Ritesh Sachdeo Shatters Boundaries in Perficient’s Quality Assurance Practice

Build rich, interactive web apps with an updated Gemini 2.5 Pro

CVE-2025-5524 – OceanWP WordPress Stored Cross-Site Scripting Vulnerability

Related Posts