CVE-2025-5034 – WordPress wp-file-download Reflected Cross-Site Scripting

June 21, 2025

CVE ID : CVE-2025-5034

Published : June 21, 2025, 6:15 a.m. | 4 hours, 33 minutes ago

Description : The wp-file-download WordPress plugin before 6.2.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6400 – TOTOLINK N300RH HTTP POST Message Handler Buffer Overflow Vulnerability

Next Article CVE-2025-49763: Apache Traffic Server Vulnerability Enables Memory Exhaustion Attacks

This week in AI dev tools: Gemini 2.5 Pro and Flash GA, GitHub Copilot Spaces, and more (June 20, 2025)

Gemini 2.5 Pro and Flash are generally available and Gemini 2.5 Flash-Lite preview is announced

CSS Cascade Layers Vs. BEM Vs. Utility Classes: Specificity Control

IBM launches new integration to help unify AI security and governance

One of World of Warcraft’s deadliest entities makes a world-shattering return after nearly 20 years — and he’s city-sized

It feels like Blizzard has abandoned Diablo 2: Resurrected — but there’s one way to keep it alive for years to come

Steam’s performance tracking tool is becoming more like the Steam Deck’s — you can try it out right now

Borderlands 4 is killing off a tired “FOMO” trend — I hope other developers follow suit

Dr. Axel’s JavaScript flashcards

Dr. Axel’s JavaScript flashcards

Syntax-Highlight – Custom Element For Syntax Highlighting Content

WelsonJS – Build a Windows app on the Windows built-in JavaScript engine

One of World of Warcraft’s deadliest entities makes a world-shattering return after nearly 20 years — and he’s city-sized

One of World of Warcraft’s deadliest entities makes a world-shattering return after nearly 20 years — and he’s city-sized

It feels like Blizzard has abandoned Diablo 2: Resurrected — but there’s one way to keep it alive for years to come

Steam’s performance tracking tool is becoming more like the Steam Deck’s — you can try it out right now

CVE-2025-5034 – WordPress wp-file-download Reflected Cross-Site Scripting

CVE-2025-49763: Apache Traffic Server Vulnerability Enables Memory Exhaustion Attacks

CVE-2025-6400 – TOTOLINK N300RH HTTP POST Message Handler Buffer Overflow Vulnerability

Apple Blocks $9 Billion in Fraud Over 5 Years Amid Rising App Store Threats

CVE-2025-48947 – Auth0 Next.js SDK Cache-Control Header Missing Vulnerability

ArcoLinux: La fine di un progetto e il futuro degli utenti

CURE: A Reinforcement Learning Framework for Co-Evolving Code and Unit Test Generation in LLMs

The best Vizio TVs of 2025: Expert recommended

Course: WordPress Theme Development (Core Concepts)

CVE-2025-48957 – AstrBot Path Traversal Vulnerability

How E.ON saves £10 million annually with AI diagnostics for smart meters powered by Amazon Textract

CVE-2025-5034 – WordPress wp-file-download Reflected Cross-Site Scripting

Related Posts