CVE-2025-3488 – WordPress WPML Stored Cross-Site Scripting Vulnerability

May 2, 2025

CVE ID : CVE-2025-3488

Published : May 2, 2025, 6:15 a.m. | 1 hour, 5 minutes ago

Description : The WPML plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s wpml_language_switcher shortcode in versions 3.6.0 – 4.7.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3513 – “SureForms WordPress Stored Cross-Site Scripting”

Next Article CVE-2025-3438 – WordPress WCFM Marketplace MStore API Privilege Escalation

Modernizing your approach to governance, risk and compliance

ScyllaDB X Cloud’s autoscaling capabilities meet the needs of unpredictable workloads in real time

Parasoft C/C++test 2025.1, Secure Code Warrior AI Security Rules, and more – Daily News Digest

What I Wish Someone Told Me When I Was Getting Into ARIA

Hades 2 gets another major update bringing new art, godly powers, and romance as Supergiant gets ready for the game’s full release

Sam Altman says OpenAI could need a “significant fraction” of the Earth’s power for future artificial intelligence computing

Microsoft’s Windows 95 testing phase was so intense that it crashed cash registers with over $10,000 worth of software

The biggest rival for Microsoft’s Xbox Ally is Valve’s Steam Deck, not Switch 2, so stop comparing the wrong gaming handhelds

Microsoft Copilot for Power Platform

Microsoft Copilot for Power Platform

Integrate Coveo Atomic CLI-Based Hosted Search Page into Adobe Experience Manager (AEM)

Mastering TypeScript: Your Ultimate Guide to Types, Inference & Compatibility

Hades 2 gets another major update bringing new art, godly powers, and romance as Supergiant gets ready for the game’s full release

Hades 2 gets another major update bringing new art, godly powers, and romance as Supergiant gets ready for the game’s full release

Sam Altman says OpenAI could need a “significant fraction” of the Earth’s power for future artificial intelligence computing

Microsoft’s Windows 95 testing phase was so intense that it crashed cash registers with over $10,000 worth of software

CVE-2025-3488 – WordPress WPML Stored Cross-Site Scripting Vulnerability

CISA Flags CVE-2023-0386 as Actively Exploited Linux Kernel Privilege Escalation Threat

Cyberagentschap VS meldt actief misbruik van lek in Linux-kernel

You can produce video ads in seconds with Amazon’s new AI tool – here’s how

CVE-2025-4067 – ScriptAndTools Online-Travling-System Remote File Inclusion Vulnerability

CVE-2025-43915 – Linkerd Proxy Resource Exhaustion Vulnerability

Avoiding Metadata Contention in Unity Catalog

CVE-2025-49454 – LoftOcean TinySalt PHP Remote File Inclusion Vulnerability

Snowflake launches Openflow to help businesses manage data in the age of AI

A Step-by-Step Coding Guide to Building a Gemini-Powered AI Startup Pitch Generator Using LiteLLM Framework, Gradio, and FPDF in Google Colab with PDF Export Support

ByteDance Introduces VAPO: A Novel Reinforcement Learning Framework for Advanced Reasoning Tasks

CVE-2025-3488 – WordPress WPML Stored Cross-Site Scripting Vulnerability

Related Posts