CVE-2025-4963 – “WordPress WP Extended Stored Cross-Site Scripting”

May 28, 2025

CVE ID : CVE-2025-4963

Published : May 28, 2025, 10:15 a.m. | 1 hour, 20 minutes ago

Description : The WP Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5295 – FreeFloat FTP Server Buffer Overflow Vulnerability

Next Article CVE-2025-1753 – LLama-Index OS Command Injection Vulnerability

Highlights

CVE-2025-7341 – Elementor Page Builder & Gutenberg Blocks & Form Builder File Deletion Vulnerability

July 15, 2025

CVE ID : CVE-2025-7341

Published : July 15, 2025, 5:15 a.m. | 10 hours, 29 minutes ago

Description : The HT Contact Form Widget For Elementor Page Builder & Gutenberg Blocks & Form Builder. plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the temp_file_delete() function in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).

Severity: 9.1 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Natural Language Q&A in Optimizely CMS Using Azure OpenAI and AI Search

April 25, 2025

rescrobbled – music scrobbler daemon

August 20, 2025

I used Elden Ring Nightreign’s best Executor build that liquefies bosses with triple status effects — it’s so broken that I’m never using anything else

June 3, 2025

The state of DevOps and AI: Not just hype

A Breeze Of Inspiration In September (2025 Wallpapers Edition)

10 Top Generative AI Development Companies for Enterprise Node.js Projects

Prompting Is A Design Act: How To Brief, Guide And Iterate With AI

Look out, Meta Ray-Bans! These AI glasses just raised over $1M in pre-orders in 3 days

Samsung ‘Galaxy Glasses’ powered by Android XR are reportedly on track to be unveiled this month

The M4 iPad Pro is discounted $100 as a last-minute Labor Day deal

Distribution Release: Linux From Scratch 12.4

Enhanced Queue Job Control with Laravel’s ThrottlesExceptions failWhen() Method

Enhanced Queue Job Control with Laravel’s ThrottlesExceptions failWhen() Method

August report 2025

Fake News Detection using Python Machine Learning (ML)

Installing Proxmox on a Raspberry Pi to run Virtual Machines on it

Installing Proxmox on a Raspberry Pi to run Virtual Machines on it

Download Transcribe! for Windows

Microsoft Fixes CertificateServicesClient (CertEnroll) Error in Windows 11

CVE-2025-4963 – “WordPress WP Extended Stored Cross-Site Scripting”

Hacker suspected of trying to cheat his way into university is arrested in Spain

ScarCruft Uses RokRAT Malware in Operation HanKook Phantom Targeting South Korean Academics

Your ChatGPT Conversations Could Improve with Long-Term Memory feature – Here’s How

CVE-2025-32704 – Microsoft Office Excel Buffer Over-read Remote Code Execution Vulnerability

CVE-2025-5154 – PhonePe SQLite Database Cleartext Storage Vulnerability

Classic WTF: NoeTimeToken

CVE-2025-7341 – Elementor Page Builder & Gutenberg Blocks & Form Builder File Deletion Vulnerability

Natural Language Q&A in Optimizely CMS Using Azure OpenAI and AI Search

rescrobbled – music scrobbler daemon

I used Elden Ring Nightreign’s best Executor build that liquefies bosses with triple status effects — it’s so broken that I’m never using anything else

CVE-2025-4963 – “WordPress WP Extended Stored Cross-Site Scripting”

Related Posts