CVE-2025-6716 – WordPress Photos Plugin Stored Cross-Site Scripting

July 11, 2025

CVE ID : CVE-2025-6716

Published : July 11, 2025, 7:15 a.m. | 2 hours, 22 minutes ago

Description : The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal or Stripe, Social Share Buttons, OpenAI plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘upload[1][title]’ parameter in all versions up to, and including, 26.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4593 – WordPress WP Register Profile With Shortcode Sensitive Information Exposure

Next Article CVE-2025-5992 – Qt QColorTransferGenericFunction ICC Profile Denial of Service

This week in AI dev tools: Gemini API Batch Mode, Amazon SageMaker AI updates, and more (July 11, 2025)

JFrog finds MCP-related vulnerability, highlighting need for stronger focus on security in MCP ecosystem

8 Key Questions Every CEO Should Ask Before Hiring a Node.js Development Company in 2025

Vibe Loop: AI-native reliability engineering for the real world

Why your USB-C device won’t charge – and what you can do instead

How passkeys work: Going passwordless with public key cryptography

51% claimed already: This Xbox Edition mechanical keyboard is at its lowest price yet while this sale lasts — Nostalgic green transparency for the win

This RDR2 deal feels like highway robbery — grab the “Wild West masterpiece” today before it rides off into the sunset

The details of TC39’s last meeting

The details of TC39’s last meeting

Francisco Bergeret Paves the Way Through Strong Leadership at Perficient

Intelligent Automation in the Healthcare Sector with n8n, OpenAI, and Pinecone

51% claimed already: This Xbox Edition mechanical keyboard is at its lowest price yet while this sale lasts — Nostalgic green transparency for the win

51% claimed already: This Xbox Edition mechanical keyboard is at its lowest price yet while this sale lasts — Nostalgic green transparency for the win

This RDR2 deal feels like highway robbery — grab the “Wild West masterpiece” today before it rides off into the sunset

Grab these 7 Xbox games all under $40 — you don’t have long before Amazon Prime Day ends, so act fast

CVE-2025-6716 – WordPress Photos Plugin Stored Cross-Site Scripting

Critical Vulnerability in Anthropic’s MCP Exposes Developer Machines to Remote Exploits

Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials

CVE-2025-37094 – HPE StoreOnce Directory Traversal File Deletion Vulnerability

MuZero, AlphaZero, and AlphaDev: Optimizing computer systems

Over 1,500 PostgreSQL Servers Compromised in Fileless Cryptocurrency Mining Campaign

CVE-2025-3262 – Apache Transformers ReDoS

CVE-2025-0984 – Netoloji Software E-Flow Cross-site Scripting (XSS) and File Content Injection Vulnerability

Apple’s big, next-gen CarPlay Ultra upgrade is here – if you drive these cars

CVE-2025-4196 – SourceCodester Patient Record Management System SQL Injection Vulnerability

CVE-2025-6787 – WordPress Smart Docs Stored Cross-Site Scripting

CVE-2025-6716 – WordPress Photos Plugin Stored Cross-Site Scripting

Related Posts