CVE-2025-3814 – WooCommerce Tax Switch Stored Cross-Site Scripting

April 22, 2025

CVE ID : CVE-2025-3814

Published : April 22, 2025, 6:15 a.m. | 55 minutes ago

Description : The Tax Switch for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class-name’ parameter in all versions up to, and including, 1.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleOpenWrt – Linux distribution targeting embedded devices

Next Article CVE-2025-2594 – WordPress User Registration & Membership Unauthorized Authentication Vulnerability

Highlights

CVE-2025-5431 – AssamLook CMS SQL Injection Vulnerability

June 2, 2025

CVE ID : CVE-2025-5431

Published : June 2, 2025, 6:15 a.m. | 1 hour, 6 minutes ago

Description : A vulnerability, which was classified as critical, was found in AssamLook CMS 1.0. Affected is an unknown function of the file /department-profile.php. The manipulation of the argument ID leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

AI is currently in its teenage years, battling raging hormones

Dune: Awakening is already making big waves before it’s even fully released

MSI Claw owners need to grab this Intel Arc GPU driver update to fix an irritating audio bug on their Windows 11 handhelds

PC Gaming Show returns June 8 — here’s when and how to watch the show

You can now buy two Nintendo Switch 2 consoles for the price of one ROG Ally X

Master Image Processing in Node.js Using Sharp for Fast Web Apps

Master Image Processing in Node.js Using Sharp for Fast Web Apps

mkocansey/bladewind

Handling PostgreSQL Migrations in Node.js

Windows 11’s Android (WSA) finally loses support, but can you still install it?

Windows 11’s Android (WSA) finally loses support, but can you still install it?

Sitegen is a simple but flexible static site generator

Nephele is a pluggable WebDAV server

CVE-2025-3814 – WooCommerce Tax Switch Stored Cross-Site Scripting

Fake Recruiter Emails Target CFOs Using Legit NetBird Tool Across 6 Global Regions

Qualcomm Fixes 3 Zero-Days Used in Targeted Android Attacks via Adreno GPU

Build an automated generative AI solution evaluation pipeline with Amazon Nova

I think the ergonomics of generators is growing on me.

Convert Eaze

Development Release: Elive 3.8.48 (Beta)

CVE-2025-5431 – AssamLook CMS SQL Injection Vulnerability

AI Influencers Are Winning Brand Deals, Is This the End of Human Influence?

Stellar Blade Launches June 11, But Here’s Why It Is a Must-Play

CVE-2025-31324 (CVSS 10): Zero-Day in SAP NetWeaver Exploited in the Wild to Deploy Webshells and C2 Frameworks

CVE-2025-3814 – WooCommerce Tax Switch Stored Cross-Site Scripting

Related Posts