CVE-2025-3504 – WP Maps Stored Cross-Site Scripting Vulnerability

May 1, 2025

CVE ID : CVE-2025-3504

Published : May 1, 2025, 6:15 a.m. | 1 hour, 56 minutes ago

Description : The WP Maps WordPress plugin before 4.7.2 does not sanitise and escape some of its Map settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4151 – PHPGurukul Curfew e-Pass Management System SQL Injection Vulnerability

Next Article CVE-2025-3503 – “WP Maps Stored Cross-Site Scripting Vulnerability”

Highlights

CVE-2025-1529 – WordPress AM LottiePlayer Stored Cross-Site Scripting Vulnerability

May 1, 2025

CVE ID : CVE-2025-1529

Published : May 1, 2025, 12:15 p.m. | 53 minutes ago

Description : The AM LottiePlayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded lottie files in all versions up to, and including, 3.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

ScyllaDB X Cloud’s autoscaling capabilities meet the needs of unpredictable workloads in real time

Parasoft C/C++test 2025.1, Secure Code Warrior AI Security Rules, and more – Daily News Digest

What I Wish Someone Told Me When I Was Getting Into ARIA

SD Times 100

Clair Obscur: Expedition 33 is a masterpiece, but I totally skipped parts of it (and I won’t apologize)

This Xbox game emotionally wrecked me in less than four hours… I’m going to go hug my cat now

Top 5 desktop PC case features that I can’t live without — and neither should you

‘No aggressive monetization’ — Nexus Mods’ new ownership responds to worried members

Build AI Agents That Run Your Day – While You Focus on What Matters

Build AI Agents That Run Your Day – While You Focus on What Matters

Faster Builds in Meteor 3.3: Modern Build Stack with SWC and Bundler Optimizations

How to Change Redirect After Login/Register in Laravel Breeze

Clair Obscur: Expedition 33 is a masterpiece, but I totally skipped parts of it (and I won’t apologize)

Clair Obscur: Expedition 33 is a masterpiece, but I totally skipped parts of it (and I won’t apologize)

This Xbox game emotionally wrecked me in less than four hours… I’m going to go hug my cat now

Top 5 desktop PC case features that I can’t live without — and neither should you

CVE-2025-3504 – WP Maps Stored Cross-Site Scripting Vulnerability

New Flodrix Botnet Variant Exploits Langflow AI Server RCE Bug to Launch DDoS Attacks

Hard-Coded ‘b’ Password in Sitecore XP Sparks Major RCE Risk in Enterprise Deployments

Run Multiple AI Coding Agents in Parallel with Container-Use from Dagger

RoboCat: A self-improving robotic agent

Development Release: openSUSE 16.0 Beta

Harness launches Traceable Cloud WAAP to unify security and observability for cloud-native applications, APIs

CVE-2025-1529 – WordPress AM LottiePlayer Stored Cross-Site Scripting Vulnerability

libpeer is a portable WebRTC library for IoT/embedded devices

How to Use PostgreSQL in Django

This fan-requested Microsoft Teams feature could have prevented a major livestream blunder

CVE-2025-3504 – WP Maps Stored Cross-Site Scripting Vulnerability

Related Posts