CVE-2025-5236 – NinjaTeam Chat for Telegram WordPress Stored Cross-Site Scripting

May 30, 2025

CVE ID : CVE-2025-5236

Published : May 30, 2025, 8:15 a.m. | 1 hour, 21 minutes ago

Description : The NinjaTeam Chat for Telegram plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘username’ parameter in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-48334 – BinaryCarpenter Woo Slider Pro Missing Authorization Vulnerability

Next Article CVE-2025-4431 – Unsplash WordPress Plugin Missing Capability Check Allows Unauthorized Data Modification

Highlights

CISA Warns Planet Technology Network Products Let Attackers Manipulate Devices

April 29, 2025

CISA Warns Planet Technology Network Products Let Attackers Manipulate Devices

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical advisory warning of multiple high-severity vulnerabilities in Planet Technology network products that could allow atta …
Read more

Published Date:
Apr 28, 2025 (17 hours, 51 minutes ago)

Vulnerabilities has been mentioned in this article.

CVE-2025-46275

CVE-2025-46274

CVE-2025-46273

CVE-2025-46272

CVE-2025-46271

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

How Red Hat just quietly, radically transformed enterprise server Linux

OpenAI wants ChatGPT to be your ‘super assistant’ – what that means

The best Linux VPNs of 2025: Expert tested and reviewed

One of my favorite gaming PCs is 60% off right now

`document.currentScript` is more useful than I thought.

`document.currentScript` is more useful than I thought.

Adobe Sensei and GenAI in Practice for Enterprise CMS

Over The Air Updates for React Native Apps

You can now open ChatGPT on Windows 11 with Win+C (if you change the Settings)

You can now open ChatGPT on Windows 11 with Win+C (if you change the Settings)

Microsoft says Copilot can use location to change Outlook’s UI on Android

TempoMail — Command Line Temporary Email in Linux

CVE-2025-5236 – NinjaTeam Chat for Telegram WordPress Stored Cross-Site Scripting

Chrome Zero-Day Alert: CVE-2025-5419 Actively Exploited in the Wild

CISA Adds 5 Actively Exploited Vulnerabilities to KEV Catalog: ASUS Routers, Craft CMS, and ConnectWise Targeted

CVE-2025-4636 – Apache Airpointer Privilege Escalation Vulnerability

What is a Unit Test? [closed]

Packet lets you share files

CISA Warns of High-Risk Flaws in Honeywell Products

CISA Warns Planet Technology Network Products Let Attackers Manipulate Devices

AutoShorts AI Review: Can It Generate Good Videos?

AI Chatbot Development Explained: Costs, Trends, and Future (2025)

The Human AI “Srinidhi” Thinks Vibe-Coding is the Future as it Lets 10 Engineers Do the Work of 1,000

CVE-2025-5236 – NinjaTeam Chat for Telegram WordPress Stored Cross-Site Scripting

Related Posts