CVE-2025-6350 – WordPress WP VR 360 Panorama Stored Cross-Site Scripting Vulnerability

June 28, 2025

CVE ID : CVE-2025-6350

Published : June 28, 2025, 4:15 a.m. | 2 hours, 7 minutes ago

Description : The WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hotspot-hover’ parameter in all versions up to, and including, 8.5.32 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6381 – BeeTeam368 Extensions plugin for WordPress Directory Traversal Vulnerability

Next Article CVE-2025-6379 – BeeTeam368 Extensions Pro for WordPress Directory Traversal Vulnerability

10 Benefits of Hiring a React.js Development Company (2025–2026 Edition)

From Line To Layout: How Past Experiences Shape Your Design Career

Hire React.js Developers in the US: How to Choose the Right Team for Your Needs

Google’s coding agent Jules gets critique functionality

GitHub Availability Report: July 2025

From private to public: How a United Nations organization open sourced its tech in four steps

We Might Need Something Between Root and Relative CSS Units for “Base Elements”

Microsoft Targets ‘Critical AI Talent’ from Meta to Dominate Next AI Breakthroughs

Laravel Global Scopes: Automatic Query Filtering

Laravel Global Scopes: Automatic Query Filtering

Building MCP Servers in PHP

Filament v4 is Stable!

Anthropic Offers Claude AI to All U.S. Government Branches for Just $1

Anthropic Offers Claude AI to All U.S. Government Branches for Just $1

Microsoft Tests Prompting Heavy Chrome Users to Pin Edge to Windows 11 Taskbar

PC Maintenance Software: 6 Best to Use in 2025

CVE-2025-6350 – WordPress WP VR 360 Panorama Stored Cross-Site Scripting Vulnerability

CVE-2025-8879 – Google Chrome Heap Buffer Overflow Vulnerability

CVE-2025-8880 – Google Chrome V8 Race Condition Execution of Arbitrary Code

Microsoft CVP thinks we’ll be ditching mice and keyboards in a future version of Windows in favor of AI chats — “The world of mousing around and typing will feel as alien as it does to Gen-Z to use MS-DOS.”

CVE-2024-6235: NetScaler Console Flaw Enables Admin Access, PoC Publishes

2023: A Year of Groundbreaking Advances in AI and Computing

Next.js vs. Traditional React: What Businesses Need to Know

CVE-2025-4372 – Google Chrome WebAudio Use After Free Vulnerability

Verizon will give you up to four free iPhone 15 Plus phones – here’s how to get yours

CVE-2015-4582 – TheCartPress Boot Store WordPress Header PHP TCP Register Error XSS

I’m A Mommy Mamacita Shirt

CVE-2025-6350 – WordPress WP VR 360 Panorama Stored Cross-Site Scripting Vulnerability

Related Posts