CVE-2025-2540 – WordPress PrettyPhoto Stored Cross-Site Scripting

July 3, 2025

CVE ID : CVE-2025-2540

Published : July 3, 2025, 12:15 p.m. | 2 hours, 41 minutes ago

Description : Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin’s bundled prettyPhoto library (version 3.1.6) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-40723 – Flatboard Pro Stored Cross-Site Scripting (XSS)

Next Article CVE-2025-27461 – “HP Device EPC2 Passwordless Login Vulnerability”

Highlights

CVE-2025-53122 – OpenNMS Horizon and Meridian SQL Injection Vulnerability

June 26, 2025

CVE ID : CVE-2025-53122

Published : June 26, 2025, 8:15 p.m. | 1 hour, 6 minutes ago

Description : Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in OpenNMS Horizon and Meridian applications allows SQL Injection.

Users
should upgrade to Meridian 2024.2.6 or newer, or Horizon 33.16 or newer. Meridian and
Horizon installation instructions state that they are intended for installation
within an organization’s private networks and should not be directly accessible
from the Internet.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

A Week In The Life Of An AI-Augmented Designer

This week in AI updates: Gemini Code Assist Agent Mode, GitHub’s Agents panel, and more (August 22, 2025)

Microsoft adds Copilot-powered debugging features for .NET in Visual Studio

Blackstone portfolio company R Systems Acquires Novigo Solutions, Strengthening its Product Engineering and Full-Stack Agentic-AI Capabilities

I found the ultimate MacBook Air alternative for Windows users – and it’s priced well

Outdated IT help desks are holding businesses back – but there is a solution

Android’s latest update can force apps into dark mode – how to see it now

I tried the Google Pixel Watch 4 – and these key features made it feel indispensable

Building Cross-Platform Alerts with Laravel’s Notification Framework

Building Cross-Platform Alerts with Laravel’s Notification Framework

Add Notes Functionality to Eloquent Models With the Notable Package

How to install OpenPlatform — IoT platform

Basics of Digital Forensics

Basics of Digital Forensics

Top Linux Server Automation Tools: Simplifying System Administration

Rising from the Ashes: How AlmaLinux and Rocky Linux Redefined the Post-CentOS Landscape

CVE-2025-2540 – WordPress PrettyPhoto Stored Cross-Site Scripting

“What happens online stays online” and other cyberbullying myths, debunked

The need for speed: Why organizations are turning to rapid, trustworthy MDR

I took my ROG Ally X to Taiwan in this magnetic case, and going zipperless went better than I thought it would

Grand Theft Auto VI delay causes Take-Two shares to drop, while CEO Strauss Zelnick assures investors that everything is fine

CVE-2025-30159 – Kirby Path Traversal and Code Execution Vulnerability

The most popular AI tools of 2025 (and what that even means)

CVE-2025-53122 – OpenNMS Horizon and Meridian SQL Injection Vulnerability

CZUR StarryHub Review: A Smart Projector for Modern Offices

Kodeco Podcast: Mastering Multiplatform: Flutter vs KMP – Podcast V2, S3 E5 [FREE]

CVE-2025-3842 – Panhainan DS-Java Code Injection Vulnerability

CVE-2025-2540 – WordPress PrettyPhoto Stored Cross-Site Scripting

Related Posts