CVE-2025-3878 – WooCommerce Stored Cross-Site Scripting Vulnerability

May 10, 2025

CVE ID : CVE-2025-3878

Published : May 10, 2025, 12:15 p.m. | 3 hours, 24 minutes ago

Description : The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s sa_verify shortcode in all versions up to, and including, 3.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4499 – Simple Hospital Management System Buffer Overflow

Next Article CVE-2025-3876 – WooCommerce WordPress Privilege Escalation Vulnerability

Highlights

CVE-2025-52900 – Apache File Browser Unrestricted File Access Vulnerability

June 26, 2025

CVE ID : CVE-2025-52900

Published : June 26, 2025, 3:15 p.m. | 1 hour, 51 minutes ago

Description : File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. The file access permissions for files uploaded to or created from File Browser are never explicitly set by the application. The same is true for the database used by File Browser. On standard servers using File Browser prior to version 2.33.7 where the umask configuration has not been hardened before, this makes all the stated files readable by any operating system account. Version 2.33.7 fixes the issue.

Severity: 5.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Power Of The Intl API: A Definitive Guide To Browser-Native Internationalization

This week in AI dev tools: GPT-5, Claude Opus 4.1, and more (August 8, 2025)

Elastic simplifies log analytics for SREs and developers with launch of Log Essentials

OpenAI launches GPT-5

I compared the best headphones from Apple, Sony, Bose, and Sonos: Here’s how the AirPods Max wins

I changed these 6 settings on my iPad to significantly improve its battery life

DistroWatch Weekly, Issue 1134

3 portable power stations I travel everywhere with (and how they differ)

Next.js PWA offline capability with Service Worker, no extra package

Next.js PWA offline capability with Service Worker, no extra package

spatie/laravel-flare

Establishing Consistent Data Foundations with Laravel’s Database Population System

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Best Architecture AI Rendering Platform: 6 Tools Tested

Microsoft won’t kill off Chromium Edge and PWAs on Windows 10 until October 2028

CVE-2025-3878 – WooCommerce Stored Cross-Site Scripting Vulnerability

Researchers Reveal ReVault Attack Targeting Dell ControlVault3 Firmware in 100+ Laptop Models

Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation

CVE-2025-6249 – FileZ Client Authentication Bypass

CVE-2025-7126 – iSourcecode Employee Management System SQL Injection Vulnerability

CVE-2025-47584 – ThemeGoods Photography Deserialization of Untrusted Data Vulnerability

Did iOS 18.4 wreck CarPlay for you? Try these fixes to get back on track

CVE-2025-52900 – Apache File Browser Unrestricted File Access Vulnerability

CVE-2012-10050 – CuteFlow PHP File Upload Vulnerability (Arbitrary Code Execution)

AI etiquette comes with a price tag, says Altman, but is it worth it?

CVE-2022-50218 – Linux Kernel IIO Light Driver Null Pointer Dereference Vulnerability

CVE-2025-3878 – WooCommerce Stored Cross-Site Scripting Vulnerability

Related Posts