CVE-2025-6537 – WordPress Namasha By Mdesign Stored Cross-Site Scripting Vulnerability

June 26, 2025

CVE ID : CVE-2025-6537

Published : June 26, 2025, 3:15 a.m. | 1 hour, 52 minutes ago

Description : The Namasha By Mdesign plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘playicon_title’ parameter in all versions up to, and including, 1.2.00 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6546 – WordPress Drive Folder Embedder Plugin Stored Cross-Site Scripting Vulnerability

Next Article CVE-2025-6540 – WordPress Web-Cam Plugin Stored Cross-Site Scripting Vulnerability

How AI further empowers value stream management

12 Top ReactJS Development Companies in 2025

Not sure where to go with AI? Here’s your roadmap.

This week in AI dev tools: A2A donated to Linux Foundation, OpenAI adds Deep Research to API, and more (June 27, 2025)

Capcom’s finally giving Street Fighter 6 players the outfits they’ve wanted — when all else fails, send in swimsuits

After 14 years, Monster Hunter Wilds is bringing back underwater combat alongside “Lagiacrus” and another familiar monster — the impossible has happened

OpenAI may prematurely declare AGI to cut ties with Microsoft — despite Sam Altman admitting today’s tech isn’t built for it

Forget YouTube’s ad blocker war — this Google AI Overviews clone might finally sell me on the $14/month Premium subscription

Say hello to ECMAScript 2025

Say hello to ECMAScript 2025

Ecma International approves ECMAScript 2025: What’s new?

Building Together: PRFT Colleagues Volunteer with Atlanta Habitat for Humanity

Capcom’s finally giving Street Fighter 6 players the outfits they’ve wanted — when all else fails, send in swimsuits

Capcom’s finally giving Street Fighter 6 players the outfits they’ve wanted — when all else fails, send in swimsuits

After 14 years, Monster Hunter Wilds is bringing back underwater combat alongside “Lagiacrus” and another familiar monster — the impossible has happened

OpenAI may prematurely declare AGI to cut ties with Microsoft — despite Sam Altman admitting today’s tech isn’t built for it

CVE-2025-6537 – WordPress Namasha By Mdesign Stored Cross-Site Scripting Vulnerability

CVE-2025-32897 – Apache Seata (incubating) Untrusted Data Deserialization Vulnerability

CVE-2025-6822 – Code-projects Inventory Management System SQL Injection Vulnerability

Google I/O 2025: Top 10 Highlights of Google’s New Announcements

CVE-2023-47032 – NCR Terminal Handler Remote Code Execution Vulnerability

CVE-2025-5487 – AutomatorWP SQL Injection Vulnerability

CVE-2025-41427 – WRC-X3000GS, WRC-X3000GSA, and WRC-X3000GSN OS Command Injection Vulnerability in Connection Diagnostics Page

CVE-2025-4791 – FreeFloat FTP Server Buffer Overflow Vulnerability

CVE-2025-53073 – Sentry Project Issue Access Authorization Bypass

CVE-2025-0716 – AngularJS SVG Image Content Spoofing

CVE-2025-23168 – “Versa Networks Two-Factor Authentication OTP Redirection and Replay Vulnerability”

CVE-2025-6537 – WordPress Namasha By Mdesign Stored Cross-Site Scripting Vulnerability

Related Posts