CVE-2025-6546 – WordPress Drive Folder Embedder Plugin Stored Cross-Site Scripting Vulnerability

June 26, 2025

CVE ID : CVE-2025-6546

Published : June 26, 2025, 3:15 a.m. | 1 hour, 52 minutes ago

Description : The Drive Folder Embedder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tablecssclass’ parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleClassic WTF: NoeTimeToken

Next Article CVE-2025-6537 – WordPress Namasha By Mdesign Stored Cross-Site Scripting Vulnerability

Highlights

CVE-2025-54316 – Logpoint Jinja Template XSS Vulnerability

July 20, 2025

CVE ID : CVE-2025-54316

Published : July 20, 2025, 7:15 p.m. | 4 hours, 2 minutes ago

Description : An issue was discovered in Logpoint before 7.6.0. When creating reports, attackers can create custom Jinja templates that chained built-in filter functions to generate XSS payloads. These payloads can be rendered by the Logpoint Report Template engine, making it vulnerable to cross-site scripting (XSS) attacks.

Severity: 4.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

GitHub’s CEO Thomas Dohmke steps down, triggering tighter integration of company within Microsoft

bitHuman launches SDK for creating AI avatars

Designing With AI, Not Around It: Practical Advanced Techniques For Product Design Use Cases

Why Companies Are Investing in AI-Powered React.js Development Services in 2025

I found a Google Maps alternative that won’t track you or drain your battery – and it’s free

I tested this new AI podcast tool to see if it can beat NotebookLM – here’s how it did

Microsoft’s new update makes your taskbar a productivity hub – here’s how

Save $50 on the OnePlus Pad 3 plus get a free gift – here’s the deal

Laravel Global Scopes: Automatic Query Filtering

Laravel Global Scopes: Automatic Query Filtering

Building MCP Servers in PHP

Filament v4 is Stable!

I Asked OpenAI’s New Open-Source AI Model to Complete a Children’s School Test — Is It Smarter Than a 10-Year-Old?

I Asked OpenAI’s New Open-Source AI Model to Complete a Children’s School Test — Is It Smarter Than a 10-Year-Old?

Madden NFL 26 Leads This Week’s Xbox Drops—But Don’t Miss These Hidden Gems

ASUS G14 Bulked Up for 2025—Still Sexy, Just a Bit Chonkier

CVE-2025-6546 – WordPress Drive Folder Embedder Plugin Stored Cross-Site Scripting Vulnerability

Update WinRAR tools now: RomCom and others exploiting zero-day vulnerability

WinRAR zero-day exploited in espionage attacks against high-value targets

I spent a week with the awesome Maingear MG-1 — it’s the next best thing to building your own system

I refunded The Elder Scrolls 4: Oblivion Remaster on Steam Deck and I’m not the only one unhappy with it

CVE-2024-53591 – Seclore Brute Force Authentication Bypass

Nintendo Switch 2 Game-Key Cards reveal the death of physical console games

CVE-2025-54316 – Logpoint Jinja Template XSS Vulnerability

An Animated Introduction to Programming with Python

ereandel is a Gemini web browser using shell script

RFP Templates and Guidebook

CVE-2025-6546 – WordPress Drive Folder Embedder Plugin Stored Cross-Site Scripting Vulnerability

Related Posts