CVE-2025-4670 – Easy Digital Downloads Stored Cross-Site Scripting (XSS)

May 29, 2025

CVE ID : CVE-2025-4670

Published : May 29, 2025, 9:15 a.m. | 15 minutes ago

Description : The Easy Digital Downloads – eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s edd_receipt shortcode in all versions up to, and including, 3.3.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4687 – Teltonika Networks Remote Management System (RMS) Account Pre-Hijacking Vulnerability

Next Article CVE-2025-5122 – Leaflet Map Block for WordPress Stored XSS Vulnerability

Highlights

CVE-2025-4339 – WordPress TheGem Theme Unauthenticated Theme Option Update Vulnerability

May 13, 2025

CVE ID : CVE-2025-4339

Published : May 13, 2025, 7:15 a.m. | 1 hour, 23 minutes ago

Description : The TheGem theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxApi() function in all versions up to, and including, 5.10.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary theme options.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Report: 71% of tech leaders won’t hire devs without AI skills

Slack’s AI search now works across an organization’s entire knowledge base

In-House vs Outsourcing for React.js Development: Understand What Is Best for Your Enterprise

Tiny Screens, Big Impact: The Forgotten Art Of Developing Web Apps For Feature Phones

Too many open browser tabs? This is still my favorite solution – and has been for years

This new browser won’t monetize your every move – how to try it

Pokémon has partnered with one of the biggest PC gaming brands again, and you can actually buy these accessories — but do you even want to?

AMD’s budget Ryzen AI 5 330 processor will introduce a wave of ultra-affordable Copilot+ PCs with its mobile 50 TOPS NPU

The details of TC39’s last meeting

The details of TC39’s last meeting

Reclaim Space: Delete Docker Orphan Layers

Notes Android App Using SQLite

KeySmith – SSH key management

KeySmith – SSH key management

Pokémon has partnered with one of the biggest PC gaming brands again, and you can actually buy these accessories — but do you even want to?

AMD’s budget Ryzen AI 5 330 processor will introduce a wave of ultra-affordable Copilot+ PCs with its mobile 50 TOPS NPU

CVE-2025-4670 – Easy Digital Downloads Stored Cross-Site Scripting (XSS)

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

mpvpaper – video wallpaper software

Amazon DynamoDB data modeling for Multi-tenancy – Part 3

CVE-2025-46629 – Tenda RX2 Pro Remote Access Control Bypass

Ukrainian Extradited to U.S. Over Global Ransomware Scheme Using Nefilim Strain

CVE-2025-4339 – WordPress TheGem Theme Unauthenticated Theme Option Update Vulnerability

Canonical sostiene gli sviluppatori di software libero con donazioni mensili

CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

What to work on next?

CVE-2025-4670 – Easy Digital Downloads Stored Cross-Site Scripting (XSS)

Related Posts