CVE-2025-6976 – WordPress Events Manager – Stored Cross-Site Scripting Vulnerability

July 10, 2025

CVE ID : CVE-2025-6976

Published : July 9, 2025, 11:15 p.m. | 4 hours, 49 minutes ago

Description : The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s shortcodes in all versions up to, and including, 7.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4406 – WordPress wpForo Forum Stored Cross-Site Scripting

Next Article CVE-2025-6975 – WordPress Events Manager – Reflected Cross-Site Scripting Vulnerability

Highlights

CVE-2025-27445 – RSFirewall Joomla Path Traversal Vulnerability

June 5, 2025

CVE ID : CVE-2025-27445

Published : June 5, 2025, 2:15 p.m. | 53 minutes ago

Description : A path traversal vulnerability in RSFirewall component 2.9.7 – 3.1.5 for Joomla was discovered. This vulnerability allows authenticated users to read arbitrary files outside the Joomla root directory. The flaw is caused by insufficient sanitization of user-supplied input in file path parameters, allowing attackers to exploit directory traversal sequences (e.g., ../) to access sensitive files

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

A Week In The Life Of An AI-Augmented Designer

This week in AI updates: Gemini Code Assist Agent Mode, GitHub’s Agents panel, and more (August 22, 2025)

Microsoft adds Copilot-powered debugging features for .NET in Visual Studio

Blackstone portfolio company R Systems Acquires Novigo Solutions, Strengthening its Product Engineering and Full-Stack Agentic-AI Capabilities

Google Pixel 10 Pro vs. iPhone 16 Pro: I’ve used both handsets, and there’s a clear winner

Master these 48 Windows keyboard shortcuts and finish work early

Why the Pixel 10 is making this longtime iPhone user reconsider their next phone

Google Pixel 10 Pro Fold vs. Samsung Galaxy Z Fold 7: I compared both Androids, and here’s the winner

PERFIXION 2025: Powering AI Ideas

PERFIXION 2025: Powering AI Ideas

MongoDB Data Types

Building Cross-Platform Alerts with Laravel’s Notification Framework

Gears of War returns, Helldivers 2 jumps ship, and Xbox players win big — Xbox’s Aug 25–31 lineup proves the console war is getting interesting again

Gears of War returns, Helldivers 2 jumps ship, and Xbox players win big — Xbox’s Aug 25–31 lineup proves the console war is getting interesting again

Reports say Windows 11 update is bricking drives — is yours on the list?

Razer finally remembered I don’t live in China, so now we can all get this cool Gengar gaming headset

CVE-2025-6976 – WordPress Events Manager – Stored Cross-Site Scripting Vulnerability

Malicious Go Module Poses as SSH Brute-Force Tool, Steals Credentials via Telegram Bot

CVE-2025-8208 – Spexo Addons for Elementor WordPress Stored Cross-Site Scripting

CVE-2025-48064 – GitHub Desktop Windows Network Share Path Traversal Information Disclosure

CVE-2025-32882 – GoTenna Encryption Malleability Vulnerability

CVE-2025-6164 – TOTOLINK A3002R HTTP POST Request Handler Buffer Overflow Vulnerability

All You Need to Know About Frontend Architecture

CVE-2025-27445 – RSFirewall Joomla Path Traversal Vulnerability

CVE-2025-46157 – EfroTech Time Trax Remote Code Execution Vulnerability

Microsoft Adds OneNote’s Best Pens to Word, Excel, and PowerPoint — Here’s Why It Matters

starter best

CVE-2025-6976 – WordPress Events Manager – Stored Cross-Site Scripting Vulnerability

Related Posts