CVE ID : CVE-2025-4170

Published : May 3, 2025, 3:15 a.m. | 2 hours, 15 minutes ago

Description : The Xavin’s Review Ratings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘xrr’ shortcode in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4172

Published : May 3, 2025, 3:15 a.m. | 2 hours, 15 minutes ago

Description : The VerticalResponse Newsletter Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘verticalresponse’ shortcode in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4188

Published : May 3, 2025, 3:15 a.m. | 2 hours, 15 minutes ago

Description : The Advanced Reorder Image Text Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the ‘reorder-simple-image-text-slider-setting’ page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4198

Published : May 3, 2025, 3:15 a.m. | 2 hours, 15 minutes ago

Description : The Alink Tap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the ‘alink-tap’ page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4222

Published : May 3, 2025, 3:15 a.m. | 2 hours, 15 minutes ago

Description : The Database Toolset plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.4 via backup files stored in a publicly accessible location. This makes it possible for unauthenticated attackers to extract sensitive data from database backup files. An index file is present, so a brute force attack would need to be successful in order to compromise any data.

Severity: 5.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4199

Published : May 3, 2025, 3:15 a.m. | 2 hours, 15 minutes ago

Description : The Abundatrade Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.02. This is due to missing or incorrect nonce validation on the ‘abundatrade’ page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Severity: 6.1 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

On April 29, 2025, Jepsen published a report about transaction visibility behavior in Amazon Relational Database Service (Amazon RDS) for…

Not sure which Nightfarer you’re going to play in Elden Ring Nightreign? To help you decide, here’s a full list…

On this week’s episode of the podcast, I interview Shashi Lo. He’s a software engineer at Microsoft. He grew up…

You’ve probably heard the word Kubernetes floating around, or it’s cooler nickname k8s (pronounced “kates“). Maybe in a job post,…

SonarQube is a powerful open-source tool that helps you maintain code quality and security by analyzing your codebase for bugs…

Imagine purchasing a standing fan straight out of the box, all parts dismantled, and you have no manual or guide…

NFC tags are so useful and customizable, and it’s quite simple to make your own. Here’s how and what you…

Researchers from MIT’s Computer Science and Artificial Intelligence Laboratory (CSAIL) have developed a novel artificial intelligence model inspired by neural…

Salesforce Connections 2025 is quickly approaching, and Perficient is excited to be part of it.  On June 11–12, we’re heading…

Perficient is honored to announce we’ve been named the 2025 Appian Partner Impact and Excellence Award winner for Delivery, marking…

Over the past year or so, the industry has seen several open-source projects forked because the founders of those projects…

In the current landscape of business, email plays a crucial role in communication, marketing, and engaging with customers. However, ensuring…

Post Content Source: Read More 

The Amazon Bedrock multi-agent collaboration feature gives developers the flexibility to create and coordinate multiple AI agents, each specialized for…