CVE-2025-5488 – WordPress WP Masonry & Infinite Scroll Stored Cross-Site Scripting Vulnerability

June 26, 2025

CVE ID : CVE-2025-5488

Published : June 26, 2025, 2:15 a.m. | 2 hours, 52 minutes ago

Description : The WP Masonry & Infinite Scroll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘wmis’ shortcode in all versions up to, and including, 2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4334 – WordPress Simple User Registration Privilege Escalation Vulnerability

Next Article CVE-2025-3863 – Elementor WordPress Post Carousel Slider Improper Authorization Vulnerability

Can Good UX Protect Older Users From Digital Scams?

Warp 2.0 evolves terminal experience into an Agentic Development Environment

Qodo launches CLI agent framework

Overture Maps launches GERS, a system of unique IDs for global geospatial entities

Microsoft Copilot is “pretty important” but customers still prefer ChatGPT — “OpenAI has done a tremendous job”

Will you sync your Windows 10 PC data to the cloud for free access to security updates beyond 2025?

Red Hat Enterprise Linux (RHEL) quietly released an official image for WSL — but most of us won’t be able to use it

Sam Altman says ChatGPT has evolved beyond a mere “Google replacement” — with ads potentially coming to users

What Are the PHP Trends in 2025

What Are the PHP Trends in 2025

Real-Time Observability for Node.js – Without Code Changes

Elevating API Automation: Exploring Karate as an Alternative to Rest-Assured

Microsoft Copilot is “pretty important” but customers still prefer ChatGPT — “OpenAI has done a tremendous job”

Microsoft Copilot is “pretty important” but customers still prefer ChatGPT — “OpenAI has done a tremendous job”

Will you sync your Windows 10 PC data to the cloud for free access to security updates beyond 2025?

Red Hat Enterprise Linux (RHEL) quietly released an official image for WSL — but most of us won’t be able to use it

CVE-2025-5488 – WordPress WP Masonry & Infinite Scroll Stored Cross-Site Scripting Vulnerability

CVE-2025-3863 – Elementor WordPress Post Carousel Slider Improper Authorization Vulnerability

CVE-2025-4334 – WordPress Simple User Registration Privilege Escalation Vulnerability

Improve or leave: Microsoft makes it easier to fire underperformers

Angular Signals State Management

CVE-2025-31203 – Apple macOS Sequoia Denial-of-Service Vulnerability

CVE-2025-4798 – WordPress WP-DownloadManager Arbitrary File Read Vulnerability

8 ways I use Microsoft’s Copilot Vision AI to save time on my phone and PC

India’s CERT-In steps in to warn users about Windows 10 end of support

Windows UWP Map Control and Maps platform API will be deprecated

Xbox Ally vs Steam Deck: Which is the better gaming handheld?

CVE-2025-5488 – WordPress WP Masonry & Infinite Scroll Stored Cross-Site Scripting Vulnerability

Related Posts