CVE-2025-5259 – WordPress Minimal Share Buttons Stored Cross-Site Scripting (XSS)

May 30, 2025

CVE ID : CVE-2025-5259

Published : May 30, 2025, 6:15 a.m. | 3 hours, 21 minutes ago

Description : The Minimal Share Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘align’ parameter in all versions up to, and including, 1.7.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-41385 – “Wivia OS Command Injection Vulnerability”

Next Article CVE-2025-4659 – Salesforce WordPress Plugin Full Path Disclosure Vulnerability

Report: 71% of tech leaders won’t hire devs without AI skills

Slack’s AI search now works across an organization’s entire knowledge base

In-House vs Outsourcing for React.js Development: Understand What Is Best for Your Enterprise

Tiny Screens, Big Impact: The Forgotten Art Of Developing Web Apps For Feature Phones

Pokémon has partnered with one of the biggest PC gaming brands again, and you can actually buy these accessories — but do you even want to?

AMD’s budget Ryzen AI 5 330 processor will introduce a wave of ultra-affordable Copilot+ PCs with its mobile 50 TOPS NPU

Steam takes down tons of porn games, cracks down on “certain kinds of adult-only content” — here’s why, and its new policy

Oblivion Remastered and Metal Gear Solid Delta co-developer Virtuos faces layoffs — with 270 workers cut

The details of TC39’s last meeting

The details of TC39’s last meeting

Notes Android App Using SQLite

How to Get Security Patches for Legacy Unsupported Node.js Versions

Pokémon has partnered with one of the biggest PC gaming brands again, and you can actually buy these accessories — but do you even want to?

Pokémon has partnered with one of the biggest PC gaming brands again, and you can actually buy these accessories — but do you even want to?

AMD’s budget Ryzen AI 5 330 processor will introduce a wave of ultra-affordable Copilot+ PCs with its mobile 50 TOPS NPU

Steam takes down tons of porn games, cracks down on “certain kinds of adult-only content” — here’s why, and its new policy

CVE-2025-5259 – WordPress Minimal Share Buttons Stored Cross-Site Scripting (XSS)

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

The Last Letter from the Hills: Part 2 – The Monsoon of Memories

FastCGI Library Vulnerability Exposes Embedded Devices to Code Execution Attacks

How to Install DeepSeek on Ubuntu 24.04 (Locally)

See-Through Parallel Universes with Your Mind’s Eye – The Course Guidebook: Chapter 6

Paragon Spyware used to Spy on European Journalists

Query Amazon Aurora PostgreSQL using Amazon Bedrock Knowledge Bases structured data

CVE-2025-32445 Privilege Escalation Flaw in Argo Events

Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials

CVE-2025-5259 – WordPress Minimal Share Buttons Stored Cross-Site Scripting (XSS)

Related Posts