CVE-2025-1453 – WordPress Category Posts Widget Stored Cross-Site Scripting Vulnerability

April 24, 2025

CVE ID : CVE-2025-1453

Published : April 24, 2025, 6:15 a.m. | 1 hour, 25 minutes ago

Description : The Category Posts Widget WordPress plugin before 4.9.20 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-2558 – “WordPress Theme-Wound LFI Vulnerability”

Next Article CVE-2025-3435 – Mang Board WP Stored Cross-Site Scripting Vulnerability

Highlights

CVE-2025-9421 – iSourcecode Apartment Management System SQL Injection Vulnerability

August 25, 2025

CVE ID : CVE-2025-9421

Published : Aug. 25, 2025, 10:15 p.m. | 3 hours, 41 minutes ago

Description : A vulnerability has been found in itsourcecode Apartment Management System 1.0. This affects an unknown function of the file /complain/addcomplain.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Value-Driven AI Roadmap

This week in AI updates: Mistral’s new Le Chat features, ChatGPT updates, and more (September 5, 2025)

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

‘Job Hugging’ Trend Emerges as Workers Confront AI Uncertainty

Distribution Release: MocaccinoOS 25.09

Composition in CSS

DataCrunch raises €55M to boost EU AI sovereignty with green cloud infrastructure

Finally, safe array methods in JavaScript

Finally, safe array methods in JavaScript

Perficient Interviewed for Forrester Report on AI’s Transformative Role in DXPs

Perficient’s “What If? So What?” Podcast Wins Gold Stevie® Award for Technology Podcast

Distribution Release: MocaccinoOS 25.09

Distribution Release: MocaccinoOS 25.09

Speed Isn’t Everything When Buying SSDs – Here’s What Really Matters!

14 Themes for Beautifying Your Ghostty Terminal

CVE-2025-1453 – WordPress Category Posts Widget Stored Cross-Site Scripting Vulnerability

Qantas Airways Slashes CEO Bonus After Cyberattack Exposes 5.7 Million Customers

UAE Cyber Security Council Flags 70% Smart Home Devices as Vulnerable

Qualcomm Adreno GPU 0-Day Vulnerabilities Exploited to Attack Android Users

CVE-2025-6019: time to upgrade Linux | Kaspersky official blog

Grounded 2

Sentry Adds Logs Support for Laravel Apps

CVE-2025-9421 – iSourcecode Apartment Management System SQL Injection Vulnerability

CVE-2025-43861 – ManageWiki Stored and Reflected XSS Vulnerability

CVE-2025-5977 – Code-projects School Fees Payment System SQL Injection Vulnerability

Coin Circle Trust

CVE-2025-1453 – WordPress Category Posts Widget Stored Cross-Site Scripting Vulnerability

Related Posts