CVE-2025-4594 – WordPress Tournamatch Stored Cross-Site Scripting Vulnerability

May 23, 2025

CVE ID : CVE-2025-4594

Published : May 23, 2025, 4:15 a.m. | 17 minutes ago

Description : The Tournamatch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘trn-ladder-registration-button’ shortcode in all versions up to, and including, 4.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleSSPlot is a simple plotting utility and numerical simulator

Next Article CVE-2025-48708 – Artifex Ghostscript Argument Injection Vulnerability

Last week in AI dev tools: Cloudflare blocking AI crawlers by default, Perplexity Max subscription, and more (July 7, 2025)

Infragistics Launches Ultimate 25.1 With Major Updates to App Builder, Ignite UI

Design Guidelines For Better Notifications UX

10 Top React.js Development Service Providers For Your Next Project In 2026

Bookworms: Don’t skip this Kindle Paperwhite Essentials bundle that’s on sale

My favorite “non-gaming” gaming accessory is down to its lowest price for Prime Day | XREAL’s AR glasses give you a virtual cinema screen for Xbox Cloud Gaming, Netflix, PC gaming handhelds, and more

I’ve been using this Alienware 240Hz gaming monitor for 2 years — less than $1 a day if I’d bought it with this Prime Day discount

Final Fantasy IX Remake possibly cancelled according to latest rumors — Which may be the saddest way to celebrate this legendary game’s 25th anniversary

Token Limit – Monitor token usage in AI context files

Token Limit – Monitor token usage in AI context files

Perficient Named a 2025 Best Place to Work in Orange County!

Perficient Recognized by Leading Analyst Firm for Automotive and Mobility Expertise

My favorite “non-gaming” gaming accessory is down to its lowest price for Prime Day | XREAL’s AR glasses give you a virtual cinema screen for Xbox Cloud Gaming, Netflix, PC gaming handhelds, and more

My favorite “non-gaming” gaming accessory is down to its lowest price for Prime Day | XREAL’s AR glasses give you a virtual cinema screen for Xbox Cloud Gaming, Netflix, PC gaming handhelds, and more

I’ve been using this Alienware 240Hz gaming monitor for 2 years — less than $1 a day if I’d bought it with this Prime Day discount

Final Fantasy IX Remake possibly cancelled according to latest rumors — Which may be the saddest way to celebrate this legendary game’s 25th anniversary

CVE-2025-4594 – WordPress Tournamatch Stored Cross-Site Scripting Vulnerability

CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet

Critical RCE Flaws in Cisco ISE and ISE-PIC Allow Unauthenticated Attackers to Gain Root Access

CVE-2025-7119 – Campcodes Complaint Management System SQL Injection Vulnerability

Victoria’s Secret Website Down After Security Incident

CVE-2025-47868 – Apache NuttX Heap-based Buffer Overflow

CVE-2025-43923 – Unicom Focal Point SQL Injection Vulnerability

This Surface Pro 11 just dropped to its lowest price ever — no need to wait for Prime Day

The rising price of Nintendo games makes supporting smaller titles and studios more important than ever — I’ll be voting with my wallet

CVE-2025-6698 – LabRedesCefetRJ WeGIA Cross Site Scripting Vulnerability

SEC Consult SA-20250612-0 :: Reflected Cross-Site Scripting in ONLYOFFICE Docs (DocumentServer)

CVE-2025-4594 – WordPress Tournamatch Stored Cross-Site Scripting Vulnerability

Related Posts