CVE-2025-4587 – WordPress A/B Testing Stored Cross-Site Scripting

June 27, 2025

CVE ID : CVE-2025-4587

Published : June 27, 2025, 8:15 a.m. | 2 hours, 54 minutes ago

Description : The A/B Testing for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘ab-testing-for-wp/ab-test-block’ block in all versions up to, and including, 1.18.2 due to insufficient input sanitization and output escaping on the ‘id’ parameter. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5306 – Pandora FMS Command Injection Vulnerability

Next Article Apple Overhauls EU App Store Policy: New Fees & Open External Purchases After €500M Fine

Highlights

CVE-2025-4123 – Grafana Cross-Site Scripting (XSS) via Client Path Traversal and Open Redirect

May 22, 2025

CVE ID : CVE-2025-4123

Published : May 22, 2025, 8:15 a.m. | 29 minutes ago

Description : A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vulnerability does not require editor permissions and if anonymous access is enabled, the XSS will work. If the Grafana Image Renderer plugin is installed, it is possible to exploit the open redirect to achieve a full read SSRF.

The default Content-Security-Policy (CSP) in Grafana will block the XSS though the `connect-src` directive.

Severity: 7.6 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

tRPC vs GraphQL vs REST: Choosing the right API design for modern web applications

Jakarta EE 11 Platform launches with modernized Test Compatibility Kit framework

Can Good UX Protect Older Users From Digital Scams?

Warp 2.0 evolves terminal experience into an Agentic Development Environment

The top 4 Bluetooth speakers I’m taking everywhere this summer (including a surprise pick)

Your Android phone is getting a big security upgrade for free – here’s what’s new

How a 5-minute circuit scan saved me hundreds (and exposed a serious wiring surprise)

Using AI saves teachers ‘six weeks per year,’ Gallup poll finds – but at what cost?

billboard.js 3.16.0 release: ✨ bar trending line & improved resizing performance!

billboard.js 3.16.0 release: ✨ bar trending line & improved resizing performance!

ISO 20022 – End of MT Coexistence for Cash Instructions Fast Approaching

Building Trust and Shaping the Future: Implementing Responsible AI – Part 2

Windows 11 KB5060826 fixes slow Search, direct download links

Windows 11 KB5060826 fixes slow Search, direct download links

Rilasciata Tails 6.17: Più Privacy e Sicurezza con le Nuove Funzionalità

Rilasciata Deepin 25: La distribuzione GNU/Linux immutabile con assistente vocale e pacchetti universali

CVE-2025-4587 – WordPress A/B Testing Stored Cross-Site Scripting

CVE-2025-6772 – Eosphoros-AI Db-GPT Path Traversal Vulnerability

CVE-2025-6773 – HKUDS LightRAG Path Traversal Vulnerability

Distillation Scaling Laws

CVE-2025-2851 – GL.iNet RPC Handler Buffer Overflow

This AI Paper Unveils a Reverse-Engineered Simulator Model for Modern NVIDIA GPUs: Enhancing Microarchitecture Accuracy and Performance Prediction

New model predicts a chemical reaction’s point of no return

CVE-2025-4123 – Grafana Cross-Site Scripting (XSS) via Client Path Traversal and Open Redirect

CVE-2025-28022 – TOTOLINK A810R Buffer Overflow Vulnerability

Extend large language models powered by Amazon SageMaker AI using Model Context Protocol

Music AI Sandbox, now with new features and broader access

CVE-2025-4587 – WordPress A/B Testing Stored Cross-Site Scripting

Related Posts