CVE-2025-5490 – WordPress Football Pool Stored Cross-Site Scripting Vulnerability

June 19, 2025

CVE ID : CVE-2025-5490

Published : June 19, 2025, 6:15 a.m. | 4 hours, 21 minutes ago

Description : The Football Pool plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.12.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

Severity: 5.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4571 – GiveWP – Donation Plugin and Fundraising Platform Unauthenticated Data Disclosure and Modification Vulnerability

Next Article Cisco AnyConnect VPN Server Vulnerability Let Attackers Trigger DoS Attack

Automating Design Systems: Tips And Resources For Getting Started

OpenAI releases two open weight reasoning models

Accelerate tool adoption with a developer experimentation framework

UX Job Interview Helpers

Yes, you can edit video like a pro on Linux – here are my 4 go-to apps

I tried Perplexity’s new reservation feature, and it surprised me with new dining spots to try

Your Samsung TV is getting a huge feature upgrade – 3 AI tools launching right now

This multi-card reader is one of the best investments I’ve made for my creative workflow

Fluent Object Operations with Laravel’s Enhanced Helper Utilities

Fluent Object Operations with Laravel’s Enhanced Helper Utilities

Record and Replay Requests With Laravel ChronoTrace

How to Write Media Queries in Optimizely Configured Commerce (Spire)

Battlefield 6 Developers Confirm AI Bots Will Auto-fill Servers If Player Count Drops

Battlefield 6 Developers Confirm AI Bots Will Auto-fill Servers If Player Count Drops

Canon imageFORMULA R40 Driver for Windows 11, 10 (Download)

Microsoft to End Support for Visual Studio 2015 This October

CVE-2025-5490 – WordPress Football Pool Stored Cross-Site Scripting Vulnerability

ESET Threat Report H1 2025: ClickFix, infostealer disruptions, and ransomware deathmatch

CISA Adds 3 D-Link Vulnerabilities to KEV Catalog Amid Active Exploitation Evidence

Stack up to 3 years of Xbox Game Pass Core and save nearly $50 in this last minute deal — Peace of mind for all your online multiplayer games

CVE-2025-47725 – Delta Electronics CNCSoft Remote Code Execution Vulnerability

svelte vs react

CVE-2025-8420 – WordPress Request a Quote Form Plugin Remote Code Execution Vulnerability

CVE-2025-5040 – Autodesk Revit Heap-Based Overflow Vulnerability

PowerToys 0.91 update brings major improvements to Command Palette & more

CVE-2025-53321 – Raise The Money Cross-Site Scripting

IBM Cloud login breaks for second time this week and Big Blue isn’t saying why

CVE-2025-5490 – WordPress Football Pool Stored Cross-Site Scripting Vulnerability

Related Posts