CVE-2025-6257 – WordPress Euro FxRef Currency Converter Stored Cross-Site Scripting Vulnerability

June 20, 2025

CVE ID : CVE-2025-6257

Published : June 20, 2025, 9:15 a.m. | 1 hour, 27 minutes ago

Description : The Euro FxRef Currency Converter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s currency shortcode in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6320 – PHPGurukul Pre-School Enrollment System SQL Injection

Next Article CVE-2025-6319 – PHPGurukul Pre-School Enrollment System SQL Injection Vulnerability

Elastic simplifies log analytics for SREs and developers with launch of Log Essentials

OpenAI launches GPT-5

Melissa brings its data quality solutions to Azure with new SSIS integration

Automating Design Systems: Tips And Resources For Getting Started

This $180 mini projector has no business being this good for the price

GPT-5 is finally here, and you can access it for free today – no subscription needed

Changing this Android setting instantly doubled my phone speed (Samsung and Google models included)

ChatGPT can now talk nerdy to you – plus more personalities and other upgrades beyond GPT-5

Advanced Application Architecture through Laravel’s Service Container Management

Advanced Application Architecture through Laravel’s Service Container Management

Switch Between Personas in Laravel With the MultiPersona Package

AI-Driven Smart Tagging and Metadata in AEM Assets

Bill Gates on AI’s Impact: ‘Be Curious, Read, and Use the Latest Tools’

Bill Gates on AI’s Impact: ‘Be Curious, Read, and Use the Latest Tools’

Halo Infinite’s Fall Update: New Features and Modes to Revive the Game?

Forza Motorsport’s Future in Jeopardy: Fans Demand Clarity from Microsoft

CVE-2025-6257 – WordPress Euro FxRef Currency Converter Stored Cross-Site Scripting Vulnerability

Microsoft to Pull Plug on Shared EWS Access in Hybrid Exchange by October

Google Confirms Salesforce Database Breach by ShinyHunters Group

Discover Microsoft’s Exclusive 50th Anniversary Wallpaper: How to Download It

Windows 11 KB5062552 adds PC-to-PC transfer, direct download links

Physical UI, Escaping UX Traps

CVE-2025-28951 – CreedAlly Bulk Featured Image Unrestricted File Upload Vulnerability

CVE-2025-52439 – Cisco WebEx Meeting Center Unvalidated Redirect

CVE-2023-31359 – AMD Manageability API Privilege Escalation Vulnerability

CVE-2025-53005 – DataEase PostgreSQL Data Source JDBC Connection Factory Argument Injection Vulnerability

CVE-2025-46572 – Auth0 Passport-wsfed-saml2 SAML Authentication Bypass

CVE-2025-6257 – WordPress Euro FxRef Currency Converter Stored Cross-Site Scripting Vulnerability

Related Posts