CVE-2025-4406 – WordPress wpForo Forum Stored Cross-Site Scripting

July 10, 2025

CVE ID : CVE-2025-4406

Published : July 10, 2025, 2:15 a.m. | 1 hour, 49 minutes ago

Description : The wpForo Forum plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 2.4.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5807 – WordPress Gwolle Guestbook Stored Cross-Site Scripting Vulnerability

Next Article CVE-2025-6976 – WordPress Events Manager – Stored Cross-Site Scripting Vulnerability

Vibe Loop: AI-native reliability engineering for the real world

Docker Compose gets new features for building and running agents

Why Enterprises Are Choosing AI-Driven React.js Development Companies in 2025

Unmasking The Magic: The Wizard Of Oz Method For UX Research

How I personalized my ChatGPT conversations – why it’s a game changer

Xbox Game Pass deals ranged from “$50,000 to $50,000,000” — offering a glimpse at how much Microsoft drops on content

The Division 2’s new Brooklyn Archivist Merit Commendation was driving me INSANE — it turns out there’s a sneaky extra step you need to do first

Alan Wake 2 for Xbox Series X is on sale during Amazon Prime Day — dive into Remedy’s title that “bloodily earns its place as a horror game”

Salesforce Health Cloud Demo: Provider Search & Network Management in Action

Salesforce Health Cloud Demo: Provider Search & Network Management in Action

Oracle Cloud EPM: Transitioning to Forms 2.0, Dashboards 2.0 by October 2025

This Week in Laravel: React.js, Filament vs Laravel, and Junior Test

Xbox Game Pass deals ranged from “$50,000 to $50,000,000” — offering a glimpse at how much Microsoft drops on content

Xbox Game Pass deals ranged from “$50,000 to $50,000,000” — offering a glimpse at how much Microsoft drops on content

The Division 2’s new Brooklyn Archivist Merit Commendation was driving me INSANE — it turns out there’s a sneaky extra step you need to do first

Alan Wake 2 for Xbox Series X is on sale during Amazon Prime Day — dive into Remedy’s title that “bloodily earns its place as a horror game”

CVE-2025-4406 – WordPress wpForo Forum Stored Cross-Site Scripting

Chrome Zero-Day CVE-2025-6554 Under Active Attack — Google Issues Security Update

Critical Vulnerability in Anthropic’s MCP Exposes Developer Machines to Remote Exploits

CVE-2025-21480 – NVIDIA GPU Micronode Command Execution Memory Corruption

Distribution Release: Lubuntu 25.04

CVE-2025-28121 – Code-Projects Online Exam Mastering System XSS Vulnerability

Upgrading your Windows laptop? This affordable Dell model is my top pick for work

: “Glass Cage” – Zero-Click iMessage → Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)

CVE-2025-5549 – FreeFloat FTP Server PASV Command Handler Buffer Overflow

CVE-2025-5889 – “Julian Gruber Brace-Expansion Regular Expression Complexity Remote Vulnerability”

CVE-2025-28969 – Cybio Gallery Widget SQL Injection

CVE-2025-4406 – WordPress wpForo Forum Stored Cross-Site Scripting

Related Posts