CVE-2025-5490 – WordPress Football Pool Stored Cross-Site Scripting Vulnerability

June 19, 2025

CVE ID : CVE-2025-5490

Published : June 19, 2025, 6:15 a.m. | 4 hours, 21 minutes ago

Description : The Football Pool plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.12.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

Severity: 5.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4571 – GiveWP – Donation Plugin and Fundraising Platform Unauthenticated Data Disclosure and Modification Vulnerability

Next Article Cisco AnyConnect VPN Server Vulnerability Let Attackers Trigger DoS Attack

IBM launches new integration to help unify AI security and governance

Meet Accessible UX Research, A Brand-New Smashing Book

Modernizing your approach to governance, risk and compliance

ScyllaDB X Cloud’s autoscaling capabilities meet the needs of unpredictable workloads in real time

RAIDOU Remastered: The Mystery of the Soulless Army Review (PC) – A well-done action-RPG remaster that makes me hopeful for more revivals of classic Atlus titles

With Windows 10 circling the drain, Windows 11 sees a long-overdue surge

This PC app boosts FPS in any game on any GPU for only $7 — and it just got a major update

Sam Altman claims Meta is trying to poach OpenAI staffers with $100 million bonuses, but “none of our best people have decided to take them up on that”

Why Inclusive Design Solutions Are important for Accessibility

Why Inclusive Design Solutions Are important for Accessibility

Microsoft Copilot for Power Platform

Integrate Coveo Atomic CLI-Based Hosted Search Page into Adobe Experience Manager (AEM)

RAIDOU Remastered: The Mystery of the Soulless Army Review (PC) – A well-done action-RPG remaster that makes me hopeful for more revivals of classic Atlus titles

RAIDOU Remastered: The Mystery of the Soulless Army Review (PC) – A well-done action-RPG remaster that makes me hopeful for more revivals of classic Atlus titles

With Windows 10 circling the drain, Windows 11 sees a long-overdue surge

This PC app boosts FPS in any game on any GPU for only $7 — and it just got a major update

CVE-2025-5490 – WordPress Football Pool Stored Cross-Site Scripting Vulnerability

Roundcube: CVE-2025–49113

CVE-2025-23121 Critical Veeam Vulnerability: Backup Servers at Risk from Authenticated RCE Flaw

CVE-2025-24350 – CtrlX OS Certificates and Keys Arbitrary File Write Vulnerability

CVE-2025-41654 – “IBM AIX SNMP Process Information Disclosure and Reboot Vulnerability”

Hyprland Escluso dalla Prossima Versione di Debian 13 “Trixie”

CVE-2024-45380 – Here is a title for a vulnerability:Apache Struts Deserialization Vulnerability

May 2025 Baseline monthly digest

CVE-2025-5734 – TOTOLINK X15 HTTP POST Request Handler Buffer Overflow

Open-Source TTS Reaches New Heights: Nari Labs Releases Dia, a 1.6B Parameter Model for Real-Time Voice Cloning and Expressive Speech Synthesis on Consumer Device

Cisco ClamAV Critical Flaws: CVE-2025-20260 (CVSS 9.8) Allows Code Execution

CVE-2025-5490 – WordPress Football Pool Stored Cross-Site Scripting Vulnerability

Related Posts