CVE-2025-4595 – FastSpring for WordPress Stored Cross-Site Scripting Vulnerability

May 31, 2025

CVE ID : CVE-2025-4595

Published : May 31, 2025, 7:15 a.m. | 2 hours, 27 minutes ago

Description : The FastSpring plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘fastspring/block-fastspringblocks-complete-product-catalog’ block in all versions up to, and including, 3.0.1 due to insufficient input sanitization and output escaping on the ‘color’ attribute. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4590 – Daisycon prijsvergelijkers WordPress Stored Cross-Site Scripting Vulnerability

Next Article CVE-2025-4103 – WordPress WP-GeoMeta Privilege Escalation Vulnerability

Highlights

CVE-2025-46572 – Auth0 Passport-wsfed-saml2 SAML Authentication Bypass

May 6, 2025

CVE ID : CVE-2025-46572

Published : May 6, 2025, 9:16 p.m. | 2 hours, 41 minutes ago

Description : passport-wsfed-saml2 provides passport strategy for both WS-fed and SAML2 protocol. A vulnerability present starting in version 3.0.5 up to and including version 4.6.3 allows an attacker to impersonate any user in the Auth0 tenant during SAML authentication by crafting a SAMLResponse. This can be done by using a valid SAML object that was signed by the configured IdP. Users are affected specifically when the service provider is using passport-wsfed-saml2 and a valid SAML document signed by the Identity Provider can be obtained. Version 4.6.4 contains a fix for the vulnerability.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

How Red Hat just quietly, radically transformed enterprise server Linux

OpenAI wants ChatGPT to be your ‘super assistant’ – what that means

The best Linux VPNs of 2025: Expert tested and reviewed

One of my favorite gaming PCs is 60% off right now

`document.currentScript` is more useful than I thought.

`document.currentScript` is more useful than I thought.

Adobe Sensei and GenAI in Practice for Enterprise CMS

Over The Air Updates for React Native Apps

You can now open ChatGPT on Windows 11 with Win+C (if you change the Settings)

You can now open ChatGPT on Windows 11 with Win+C (if you change the Settings)

Microsoft says Copilot can use location to change Outlook’s UI on Android

TempoMail — Command Line Temporary Email in Linux

CVE-2025-4595 – FastSpring for WordPress Stored Cross-Site Scripting Vulnerability

Fake Recruiter Emails Target CFOs Using Legit NetBird Tool Across 6 Global Regions

Qualcomm Fixes 3 Zero-Days Used in Targeted Android Attacks via Adreno GPU

Google’s Veo 2 costs you $30 per minute and is more expensive than Sora

Animating in Frames: Repeating Image Transition

Microsoft wants you to easily understand PC specs via Windows 11’s new System UI

From Celebrations to Cyber Strikes: The Rise of Hacktivism During Independence Day Events

CVE-2025-46572 – Auth0 Passport-wsfed-saml2 SAML Authentication Bypass

Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks

CVE-2025-48752 – Apache Process-Sync Pthread Mutex Unlock Vulnerability

I want Apple’s AI features at WWDC to be boringly awesome. Here’s why you should, too

CVE-2025-4595 – FastSpring for WordPress Stored Cross-Site Scripting Vulnerability

Related Posts