CVE-2025-2540 – WordPress PrettyPhoto Stored Cross-Site Scripting

July 3, 2025

CVE ID : CVE-2025-2540

Published : July 3, 2025, 12:15 p.m. | 2 hours, 41 minutes ago

Description : Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin’s bundled prettyPhoto library (version 3.1.6) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-40723 – Flatboard Pro Stored Cross-Site Scripting (XSS)

Next Article CVE-2025-27461 – “HP Device EPC2 Passwordless Login Vulnerability”

Mirantis reveals Lens Prism, an AI copilot for operating Kubernetes clusters

Avoid these common platform engineering mistakes

Full-Stack Techies vs Toptal: Which Is Better for React.js Outsourcing?

The AI productivity paradox in software engineering: Balancing efficiency and human skill retention

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Capcom reports that its Steam game sales have risen massively — despite flagship titles like Monster Hunter Wilds receiving profuse backlash from PC players

Cloudflare is fighting to safeguard “the future of the web itself” — standing directly in the way of leading AI firms

Microsoft reportedly lacks the know-how to fully leverage OpenAI’s tech — despite holding IP rights

PHP 8.5.0 Alpha 1 available for testing

PHP 8.5.0 Alpha 1 available for testing

Recording cross browser compatible media

Celebrating Perficient’s Third Databricks Champion

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Capcom reports that its Steam game sales have risen massively — despite flagship titles like Monster Hunter Wilds receiving profuse backlash from PC players

Cloudflare is fighting to safeguard “the future of the web itself” — standing directly in the way of leading AI firms

CVE-2025-2540 – WordPress PrettyPhoto Stored Cross-Site Scripting

Hackers Target Over 70 Microsoft Exchange Servers to Steal Credentials via Keyloggers

Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC

Chargebee Starter Kit for Billing in Laravel

CVE-2022-43659 – Apache HTTP Server Cross-Site Scripting

CVE-2025-40571 – Mendix OIDC SSO Privilege Escalation

CVE-2025-40670 – TCMAN GIM Privilege Escalation Vulnerability

⚡ Weekly Recap: APT Intrusions, AI Malware, Zero-Click Exploits, Browser Hijacks and More

MiniMax AI Releases MiniMax-M1: A 456B Parameter Hybrid Model for Long-Context and Reinforcement Learning RL Tasks

CVE-2025-6012 – WordPress Auto Attachments Stored Cross-Site Scripting Vulnerability

Sunshine And March Vibes (2025 Wallpapers Edition)

CVE-2025-2540 – WordPress PrettyPhoto Stored Cross-Site Scripting

Related Posts