CVE-2025-6462 – WordPress EZ SQL Reports Stored Cross-Site Scripting Vulnerability

June 29, 2025

CVE ID : CVE-2025-6462

Published : June 29, 2025, 5:15 a.m. | 2 hours, 6 minutes ago

Description : The EZ SQL Reports Shortcode Widget and DB Backup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s SQLREPORT shortcode in all versions up to, and including, 5.25.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6845 – “Simple Forum SQL Injection Vulnerability”

Next Article CVE-2025-6844 – Simple Forum SQL Injection Vulnerability

How AI further empowers value stream management

12 Top ReactJS Development Companies in 2025

Not sure where to go with AI? Here’s your roadmap.

This week in AI dev tools: A2A donated to Linux Foundation, OpenAI adds Deep Research to API, and more (June 27, 2025)

Microsoft’s Copilot+ has been here over a year and I still don’t care about it — but I do wish I had one of its features

SteelSeries’ latest wireless mouse is cheap and colorful — but is this the one to spend your money on?

DistroWatch Weekly, Issue 1128

Your Slack app is getting a big upgrade – here’s how to try the new AI features

How Code Feedback MCP Enhances AI-Generated Code Quality

How Code Feedback MCP Enhances AI-Generated Code Quality

PRSS Site Creator – Create Blogs and Websites from Your Desktop

Say hello to ECMAScript 2025

Microsoft’s Copilot+ has been here over a year and I still don’t care about it — but I do wish I had one of its features

Microsoft’s Copilot+ has been here over a year and I still don’t care about it — but I do wish I had one of its features

SteelSeries’ latest wireless mouse is cheap and colorful — but is this the one to spend your money on?

Microsoft confirms Windows 11 25H2, might make Windows more stable

CVE-2025-6462 – WordPress EZ SQL Reports Stored Cross-Site Scripting Vulnerability

CVE-2025–49144: Notepad++ vulnerability allows full system compromise

Bluetooth Vulnerabilities Let Hackers Spy on Your Headphones and Earbuds

DolphinGemma: How Google AI is helping decode dolphin communication

How can we counter online disinformation? | Unlocked 403 cybersecurity podcast (S2E2)

Kritiek path traversal-lek geeft toegang tot voip-platform Mitel MiCollab

CVE-2025-6653 – PDF-XChange Editor PRC File Parsing Out-Of-Bounds Read Information Disclosure

Microsoft will enhance the Edge Sidebar with Copilot Chat agents

Rilasciata RefreshOS 2.5: La distribuzione GNU/Linux basata su Debian per tutti

Fake Security Plugin on WordPress Enables Remote Admin Access for Attackers

Canon CVE-2025-1268 Vulnerability: A Buffer Overflow Threatening Printer Security

CVE-2025-6462 – WordPress EZ SQL Reports Stored Cross-Site Scripting Vulnerability

Related Posts