CVE-2025-3782 – Cision Block Stored Cross-Site Scripting Vulnerability

May 6, 2025

CVE ID : CVE-2025-3782

Published : May 6, 2025, 10:15 a.m. | 1 hour, 37 minutes ago

Description : The Cision Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘id’ parameter in all versions up to, and including, 4.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46762 – Apache Parquet Parquet-avro Remote Code Execution Vulnerability

Next Article CVE-2025-2011 – WordPress Slider & Popup Builder by Depicter SQL Injection Vulnerability

Highlights

CVE-2025-4035 – Libsoup Cookie Domain Bypass Vulnerability

April 29, 2025

CVE ID : CVE-2025-4035

Published : April 29, 2025, 1:15 p.m. | 2 hours, 47 minutes ago

Description : A flaw was found in libsoup. When handling cookies, libsoup clients mistakenly allow cookies to be set for public suffix domains if the domain contains at least two components and includes an uppercase character. This bypasses public suffix protections and could allow a malicious website to set cookies for domains it does not own, potentially leading to integrity issues such as session fixation.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

Intel’s latest Arc graphics driver is ready for DOOM: The Dark Ages, launching for Premium Edition owners on PC today

NVIDIA’s drivers are causing big problems for DOOM: The Dark Ages, but some fixes are available

Capcom breaks all-time profit records with 10% income growth after Monster Hunter Wilds sold over 10 million copies in a month

Microsoft plans to lay off 3% of its workforce, reportedly targeting management cuts as it changes to fit a “dynamic marketplace”

A cross-platform Markdown note-taking application

A cross-platform Markdown note-taking application

AI Assistant Demo & Tips for Enterprise Projects

Celebrating Global Accessibility Awareness Day (GAAD)

Intel’s latest Arc graphics driver is ready for DOOM: The Dark Ages, launching for Premium Edition owners on PC today

Intel’s latest Arc graphics driver is ready for DOOM: The Dark Ages, launching for Premium Edition owners on PC today

NVIDIA’s drivers are causing big problems for DOOM: The Dark Ages, but some fixes are available

Capcom breaks all-time profit records with 10% income growth after Monster Hunter Wilds sold over 10 million copies in a month

CVE-2025-3782 – Cision Block Stored Cross-Site Scripting Vulnerability

Nmap 7.96 Launches with Lightning-Fast DNS and 612 Scripts

CVE-2025-4732 – TOTOLINK A3002R/A3002RU HTTP POST Request Handler Buffer Overflow

Evolve Bank Confirms Data Breach, Customer Information Exposed

CodeSOD: Objectifying Yourself

CVE-2025-34028 – Commvault Command Center Innovation Release Remote Code Execution Path Traversal

How to buy a TV during Prime Day and 4th of July like a pro

CVE-2025-4035 – Libsoup Cookie Domain Bypass Vulnerability

Visa and Mastercard Just Gave AI the Power to Shop and Pay for You

Unlocking the Potential of Recoil: Essential Recoil Hooks Every React Developer Should Know

Transforming financial analysis with CreditAI on Amazon Bedrock: Octus’s journey with AWS

CVE-2025-3782 – Cision Block Stored Cross-Site Scripting Vulnerability

Related Posts