CVE-2025-3779 – WordPress Personizely Stored Cross-Site Scripting

May 3, 2025

CVE ID : CVE-2025-3779

Published : May 3, 2025, 3:15 a.m. | 2 hours, 15 minutes ago

Description : The Personizely plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘widgetId’ parameter in all versions up to, and including, 0.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3918 – WordPress Job Listings Privilege Escalation

Next Article CVE-2024-13738 – “Motors Car Dealer, Rental & Listing WordPress Theme Shortcode Execution Vulnerability”

Modernizing your approach to governance, risk and compliance

ScyllaDB X Cloud’s autoscaling capabilities meet the needs of unpredictable workloads in real time

Parasoft C/C++test 2025.1, Secure Code Warrior AI Security Rules, and more – Daily News Digest

What I Wish Someone Told Me When I Was Getting Into ARIA

Hades 2 gets another major update bringing new art, godly powers, and romance as Supergiant gets ready for the game’s full release

Sam Altman says OpenAI could need a “significant fraction” of the Earth’s power for future artificial intelligence computing

Microsoft’s Windows 95 testing phase was so intense that it crashed cash registers with over $10,000 worth of software

The biggest rival for Microsoft’s Xbox Ally is Valve’s Steam Deck, not Switch 2, so stop comparing the wrong gaming handhelds

Microsoft Copilot for Power Platform

Microsoft Copilot for Power Platform

Integrate Coveo Atomic CLI-Based Hosted Search Page into Adobe Experience Manager (AEM)

Mastering TypeScript: Your Ultimate Guide to Types, Inference & Compatibility

Hades 2 gets another major update bringing new art, godly powers, and romance as Supergiant gets ready for the game’s full release

Hades 2 gets another major update bringing new art, godly powers, and romance as Supergiant gets ready for the game’s full release

Sam Altman says OpenAI could need a “significant fraction” of the Earth’s power for future artificial intelligence computing

Microsoft’s Windows 95 testing phase was so intense that it crashed cash registers with over $10,000 worth of software

CVE-2025-3779 – WordPress Personizely Stored Cross-Site Scripting

CISA Flags CVE-2023-0386 as Actively Exploited Linux Kernel Privilege Escalation Threat

Linux-lek geeft aanvaller roottoegang: “organisaties moeten meteen patchen”

Rilasciata /e/OS 3.0: Nuova Vita per Android Senza Google, Più Privacy e Controllo per l’Utente

FOSS Weekly #25.22: Microsoft’s Vim Alternative, Kernel 6.15, UBXI Desktop, End of Ubuntu 20.04 and More

CVE-2025-37825 – “Nvidia Nvmet Out-of-Bounds Access Vulnerability”

PowerToys, one of the best free apps on Windows 11, just got a major update

AlphaProteo generates novel proteins for biology and health research

Top 15 Vibe Coding Tools Transforming AI-Driven Software Development in 2025

This AI Paper Introduces GRIT: A Method for Teaching MLLMs to Reason with Images by Interleaving Text and Visual Grounding

Call of Duty: Warzone’s casual mode is absolutely not for “sweats” and Activision is keeping a close eye on that

CVE-2025-3779 – WordPress Personizely Stored Cross-Site Scripting

Related Posts