CVE-2025-0671 – Icegram Express WordPress Stored Cross-Site Scripting Vulnerability

April 25, 2025

CVE ID : CVE-2025-0671

Published : April 25, 2025, 6:15 a.m. | 1 hour, 15 minutes ago

Description : The Icegram Express WordPress plugin before 5.7.50 does not sanitise and escape some of its Template settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3861 – WordPress Prevent Direct Access Unauthorized Access Vulnerability

Next Article CVE-2025-46599 – K3s Kubernetes Kubelet ReadWritePort Remote Authentication Bypass

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

Windows Recall finally launches, Oblivion Remastered surprise drops, and Drug Dealer Simulator devs speak out

This tiny Bluetooth speaker delivers loud, distortion-free sound – and it’s on sale

Are you playing The Elder Scrolls 4: Oblivion Remastered, and if so, what do you think? — Weekend discussion 💬

I’ve been trying to figure out why these AR glasses cost $700, but I’m frankly stumped

Perficient Included in IDC Market Glance: Healthcare Provider Operational IT Solutions, 1Q25

Perficient Included in IDC Market Glance: Healthcare Provider Operational IT Solutions, 1Q25

Natural Language Q&A in Optimizely CMS Using Azure OpenAI and AI Search

Closing Deals Faster: The Future of Sales with AI & Personalization

Windows Recall finally launches, Oblivion Remastered surprise drops, and Drug Dealer Simulator devs speak out

Windows Recall finally launches, Oblivion Remastered surprise drops, and Drug Dealer Simulator devs speak out

Windows 11 24H2 colourful battery icons for taskbar are still coming, but no ETA, says Microsoft

Git Interactive Rebase Tool – terminal-based sequence editor for interactive rebase

CVE-2025-0671 – Icegram Express WordPress Stored Cross-Site Scripting Vulnerability

April 2025 Patch Tuesday: One Zero-Day and 11 Critical Vulnerabilities Among 121 CVEs

Microsoft “.library-ms” File / NTLM Information Disclosure (Resurrected 2025)

Researchers Warn About Phishing Emails That Trick Users Into Pasting Malicious Commands

Hands on with Windows 11’s new Apple Handoff-like feature, but it requires OneDrive

New updates to frame presets in UI3 from Figma

5 Linux commands for managing users

Microsoft CEO Satya Nadella touts DeepSeek’s open-source AI as “super impressive”: “We should take the developments out of China very, very seriously”

The Xbox handheld is actually a next-gen ROG Ally — It’s the best hardware crossover I could hope for

Australia Imposes New Cyber Sanctions in Response to Medibank Private Cyberattack

Taco Bell is rolling out AI ordering in hundreds of drive-thrus. Here’s how it works

CVE-2025-0671 – Icegram Express WordPress Stored Cross-Site Scripting Vulnerability

Related Posts