CVE-2025-1529 – WordPress AM LottiePlayer Stored Cross-Site Scripting Vulnerability

May 1, 2025

CVE ID : CVE-2025-1529

Published : May 1, 2025, 12:15 p.m. | 53 minutes ago

Description : The AM LottiePlayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded lottie files in all versions up to, and including, 3.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3874 – WordPress Simple Shopping Cart Insecure Direct Object Reference

Next Article Best Free Alternatives to Apple’s Remove Background Quick Action

Highlights

CVE-2025-34048 – D-Link ADSL Router Path Traversal Vulnerability

June 26, 2025

CVE ID : CVE-2025-34048

Published : June 26, 2025, 4:15 p.m. | 51 minutes ago

Description : A path traversal vulnerability exists in the web management interface of D-Link DSL-2730U, DSL-2750U, and DSL-2750E ADSL routers with firmware versions IN_1.02, SEA_1.04, and SEA_1.07. The vulnerability is due to insufficient input validation on the getpage parameter within the /cgi-bin/webproc CGI script. This flaw allows an unauthenticated remote attacker to perform path traversal attacks by supplying crafted requests, enabling arbitrary file read on the affected device.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: An Echo In Here in here

How To Minimize The Environmental Impact Of Your Website

Progress adds AI coding assistance to Telerik and Kendo UI libraries

Wasm 3.0 standard is now officially complete

Development Release: Ubuntu 25.10 Beta

Development Release: Linux Mint 7 Beta “LMDE”

Distribution Release: Tails 7.0

Distribution Release: Security Onion 2.4.180

GenStudio for Performance Marketing: What’s New and What We’ve Learned

GenStudio for Performance Marketing: What’s New and What We’ve Learned

Agentic and Generative Commerce Can Elevate CX in B2B

AI Momentum and Perficient’s Inclusion in Analyst Reports – Highlights From 2025 So Far

Denmark’s Strategic Leap Replacing Microsoft Office 365 with LibreOffice for Digital Independence

Denmark’s Strategic Leap Replacing Microsoft Office 365 with LibreOffice for Digital Independence

Development Release: Ubuntu 25.10 Beta

Development Release: Linux Mint 7 Beta “LMDE”

CVE-2025-1529 – WordPress AM LottiePlayer Stored Cross-Site Scripting Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

CVE-2025-49786 – Apache HTTP Server Unvalidated User Input

CVE-2025-39366 – Rocket Apps wProject Privilege Escalation Vulnerability

CVE-2025-7794 – Tenda FH451 Stack-Based Buffer Overflow

LibreOffice 25.8 Released with PDF 2.0 Export, Faster Performance

CVE-2025-34048 – D-Link ADSL Router Path Traversal Vulnerability

BreachForums Operators Arrested by French Police

MongoDB: Gateway to Open Finance and Financial Data Access

CVE-2025-46329 – Snowflake libsnowflakeclient Sensitive Information Logging

CVE-2025-1529 – WordPress AM LottiePlayer Stored Cross-Site Scripting Vulnerability

Related Posts