CVE-2025-5842 – WordPress Modern Design Library Stored Cross-Site Scripting Vulnerability

June 26, 2025

CVE ID : CVE-2025-5842

Published : June 26, 2025, 10:15 a.m. | 48 minutes ago

Description : The Modern Design Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class’ parameter in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6703 – Mozilla neqo Unvalidated Input Crash

Next Article CVE-2025-5338 – Royal Elementor Addons WordPress Stored Cross-Site Scripting Vulnerability

Highlights

CVE-2025-3935 – ScreenConnect ASP.NET ViewState Code Injection Vulnerability

April 25, 2025

CVE ID : CVE-2025-3935

Published : April 25, 2025, 7:15 p.m. | 29 minutes ago

Description : ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code injection attack. ASP.NET Web Forms use ViewState to preserve page and control state, with data encoded using Base64 protected by machine keys.
It is important to note that to obtain these machine keys, privileged system level access must be obtained.

If these machine keys are compromised, attackers could create and send a malicious ViewState to the website, potentially leading to remote code execution on the server.

The risk does not originate from a vulnerability introduced by ScreenConnect, but from platform level behavior. This had no direct impact to ScreenConnect Client. ScreenConnect 2025.4 patch disables ViewState and removes any dependency on it.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: Across the 4th Dimension

Cursor vs GitHub Copilot (2025): Which AI Platform Wins for Your Node.js Dev Team?

NuGet adds support for Trusted Publishing

AWS launches IDE extension for building browser automation agents

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

Development Release: MX Linux 25 Beta 1

DistroWatch Weekly, Issue 1140

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

IDC ServiceScape for Microsoft Power Apps Low-Code/No-Code Custom Application Development Services

A Stream-Oriented UI library for interactive web applications

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

CVE-2025-5842 – WordPress Modern Design Library Stored Cross-Site Scripting Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

EgoDex: Learning Dexterous Manipulation from Large-Scale Egocentric Video

CVE-2025-29534 – PowerStick Wave Dual-Band Wifi Extender Remote Code Execution Vulnerability

ESET APT Activity Report Q4 2024–Q1 2025: Malware sharing, wipers and exploits

DevSecOps Phase 4B: Manual Penetration Testing

CVE-2025-3935 – ScreenConnect ASP.NET ViewState Code Injection Vulnerability

Zhipu AI Releases GLM-4.5V: Versatile Multimodal Reasoning with Scalable Reinforcement Learning

CoMotion: Concurrent Multi-Person 3D Motion

Jaguar Land Rover Cyberattack Halts Global Operations and Retail Systems

CVE-2025-5842 – WordPress Modern Design Library Stored Cross-Site Scripting Vulnerability

Related Posts