CVE-2025-6350 – WordPress WP VR 360 Panorama Stored Cross-Site Scripting Vulnerability

June 28, 2025

CVE ID : CVE-2025-6350

Published : June 28, 2025, 4:15 a.m. | 2 hours, 7 minutes ago

Description : The WP VR – 360 Panorama and Free Virtual Tour Builder For WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘hotspot-hover’ parameter in all versions up to, and including, 8.5.32 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6381 – BeeTeam368 Extensions plugin for WordPress Directory Traversal Vulnerability

Next Article CVE-2025-6379 – BeeTeam368 Extensions Pro for WordPress Directory Traversal Vulnerability

How AI further empowers value stream management

12 Top ReactJS Development Companies in 2025

Not sure where to go with AI? Here’s your roadmap.

This week in AI dev tools: A2A donated to Linux Foundation, OpenAI adds Deep Research to API, and more (June 27, 2025)

The next big HDMI leap has arrived – here’s how these 16K cables will shake things up

Here’s how you can still trade in any phone at Verizon to get an iPhone, iPad, and Apple Watch free

Anthropic has a plan to combat AI-triggered job losses predicted by its CEO

Forget Google and Microsoft: OpenAI may be building the ultimate work suite of apps and services

Say hello to ECMAScript 2025

Say hello to ECMAScript 2025

Ecma International approves ECMAScript 2025: What’s new?

Building Together: PRFT Colleagues Volunteer with Atlanta Habitat for Humanity

Fix Elden Ring Nightreign Connection Errors And Server Login Failure PC

Fix Elden Ring Nightreign Connection Errors And Server Login Failure PC

Fix Now EAC Error 20006 in Elden Ring: Nightreign [6 Easy Tricks]

Fix Now Elden Ring Nightreign EAC Error 30005 (CreateFile Failed)

CVE-2025-6350 – WordPress WP VR 360 Panorama Stored Cross-Site Scripting Vulnerability

CVE-2025-53380 – Apache Struts Deserialization Vulnerability

CVE-2025-53383 – Apache HTTP Server Cross-Site Request Forgery

CVE-2025-3322 – Apache Server Code Injection Vulnerability

CVE-2025-5435 – Marwal Infotech CMS SQL Injection Vulnerability

CVE-2005-2347 – CVE-2022-1234: Apache Struts XML Entity Expansion (XXE) Vulnerability

Words is a multilingual offline dictionary

Microsoft partners with India’s CBI & Japan’s JC3 to bust AI scam targeting Japanese older adults

Tony Hawk’s Pro Skater 3 + 4 demo now is available now if you preorder — Michelangelo is coming too

Stanford Researchers Propose FramePack: A Compression-based AI Framework to Tackle Drifting and Forgetting in Long-Sequence Video Generation Using Efficient Context Management and Sampling

CVE-2025-3200 – “Com-Server TLS Protocol Downgrade Vulnerability”

CVE-2025-6350 – WordPress WP VR 360 Panorama Stored Cross-Site Scripting Vulnerability

Related Posts