CVE-2025-3878 – WooCommerce Stored Cross-Site Scripting Vulnerability

May 10, 2025

CVE ID : CVE-2025-3878

Published : May 10, 2025, 12:15 p.m. | 3 hours, 24 minutes ago

Description : The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s sa_verify shortcode in all versions up to, and including, 3.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4499 – Simple Hospital Management System Buffer Overflow

Next Article CVE-2025-3876 – WooCommerce WordPress Privilege Escalation Vulnerability

Highlights

CVE-2025-6373 – D-Link DIR-619L Stack-Based Buffer Overflow Vulnerability

June 20, 2025

CVE ID : CVE-2025-6373

Published : June 21, 2025, 12:15 a.m. | 44 minutes ago

Description : A vulnerability has been found in D-Link DIR-619L 2.06B01 and classified as critical. This vulnerability affects the function formSetWizard1 of the file /goform/formWlSiteSurvey. The manipulation of the argument curTime leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: Classic WTF: When it’s OK to GOTO

Overture Maps launches GERS, a system of unique IDs for global geospatial entities

Agent Mode for Gemini added to Android Studio

Google’s Agent2Agent protocol finds new home at the Linux Foundation

Microsoft is reportedly planning yet more major cuts at Xbox — as early as next week

Microsoft makes Windows 10 security updates FREE for an extra year — but there’s a catch, and you might not like it

“Deus Ex” just turned 25 years old and it’s still the best PC game of all time — you only need $2 to play it on practically anything

Where to buy a Meta Quest 3S Xbox Edition — and why it’s a better bargain than the “normal” Meta Quest 3S

Generate awesome open graph images with Open Graphy

Generate awesome open graph images with Open Graphy

Defining a Dedicated Query Builder in Laravel 12 With PHP Attributes

pxlrbt/filament-activity-log

Linux Jargon Buster: What are Secure Boot & Shim Files?

Linux Jargon Buster: What are Secure Boot & Shim Files?

Fldigi – modem program for most of the digital modes used by radio amateurs

Lwan is an experimental, scalable, high performance HTTP server

CVE-2025-3878 – WooCommerce Stored Cross-Site Scripting Vulnerability

Citrix Bleed 2 Flaw Enables Token Theft; SAP GUI Flaws Risk Sensitive Data Exposure

New TeamViewer Vulnerability Puts Windows Systems at Risk of Privilege Escalation

Ripple’s xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack

CVE-2025-46252 – Contact Form 7 SQL Injection Vulnerability

CVE-2025-32878 – COROS PACE 3 TLS Certificate Validation Bypass

CVE-2025-41649 – Cisco Craft Router Buffer Overflow Vulnerability

CVE-2025-6373 – D-Link DIR-619L Stack-Based Buffer Overflow Vulnerability

Distribution Release: PorteuX 2.1

CVE-2025-22246 – Cloud Foundry UAA Authentication Bypass

Kodeco Podcast: Mastering Multiplatform: Flutter vs KMP – Podcast V2, S3 E5 [FREE]

CVE-2025-3878 – WooCommerce Stored Cross-Site Scripting Vulnerability

Related Posts