CVE-2025-1485 – WordPress Real Cookie Banner Stored Cross-Site Scripting Vulnerability

June 2, 2025

CVE ID : CVE-2025-1485

Published : June 2, 2025, 6:15 a.m. | 1 hour, 6 minutes ago

Description : The Real Cookie Banner: GDPR & ePrivacy Cookie Consent WordPress plugin before 5.1.6, real-cookie-banner-pro WordPress plugin before 5.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3951 – WordPress WP-Optimize SQL Injection Vulnerability

Next Article CVE-2025-5431 – AssamLook CMS SQL Injection Vulnerability

Highlights

CVE-2025-3704 – DBAR Productions Volunteer Sign Up Sheets Stored Cross-site Scripting

May 27, 2025

CVE ID : CVE-2025-3704

Published : May 27, 2025, 3:15 p.m. | 1 hour, 43 minutes ago

Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in DBAR Productions Volunteer Sign Up Sheets allows Stored XSS.This issue affects Volunteer Sign Up Sheets: from n/a before 5.5.5.

The patch is available exclusively on GitHub at https://github.com/dbarproductions/pta-volunteer-sign-up-sheets , as the vendor encounters difficulties using SVN to deploy to the WordPress.org repository.

Severity: 5.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

In-House vs. Outsource Node.js Development Teams: 9 Key Differences for the C-Suite (2025)

Why Non-Native Content Designers Improve Global UX

DevOps won’t scale without platform engineering and here’s why your teams are still stuck

This week in AI dev tools: Slack’s enterprise search, Claude Code’s analytics dashboard, and more (July 18, 2025)

DistroWatch Weekly, Issue 1131

I ditched my Bluetooth speakers for this slick turntable – and it’s more practical than I thought

This split keyboard offers deep customization – if you’re willing to go all in

I spoke with an AI version of myself, thanks to Hume’s free tool – how to try it

The details of TC39’s last meeting

The details of TC39’s last meeting

Simple wrapper for Chrome’s built-in local LLM (Gemini Nano)

Online Examination System using PHP and MySQL

Windows 11 tests “shared audio” to play music via multiple devices, new taskbar animations

Windows 11 tests “shared audio” to play music via multiple devices, new taskbar animations

WhatsApp for Windows 11 is switching back to Chromium web wrapper from UWP/native

DistroWatch Weekly, Issue 1131

CVE-2025-1485 – WordPress Real Cookie Banner Stored Cross-Site Scripting Vulnerability

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

CISA Adds Citrix NetScaler CVE-2025-5777 to KEV Catalog as Active Exploits Target Enterprises

CVE-2025-3810 – WordPress WPBookit Privilege Escalation Vulnerability

Verizon will give you an iPhone 16 Plus (or 4) with no trade-in – here’s how

CVE-2025-37981 – SmartPQi Linux Kernel Memory Corruption Vulnerability

CVE-2025-6009 – kiCode111 like-girl SQL Injection Vulnerability

CVE-2025-3704 – DBAR Productions Volunteer Sign Up Sheets Stored Cross-site Scripting

Next.js Flaw (CVE-2025-49826, CVSS 7.5): Cache Poisoning Leads to Denial-of-Service

ChatGPT’s iOS app downloaded 30 million times last month – clobbering all social apps

Facebook exploit allowed attackers to remotely delete photos

CVE-2025-1485 – WordPress Real Cookie Banner Stored Cross-Site Scripting Vulnerability

Related Posts