CVE-2025-4392 – WordPress Shared Files Frontend Stored Cross-Site Scripting

June 3, 2025

CVE ID : CVE-2025-4392

Published : June 3, 2025, 10:15 a.m. | 1 hour, 13 minutes ago

Description : The Shared Files – Frontend File Upload Form & Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via html File uploads in all versions up to, and including, 1.7.48 due to insufficient input sanitization and output escaping within the sanitize_file() function. This makes it possible for unauthenticated attackers to bypass the plugin’s MIME-only checks and inject arbitrary web scripts in pages that will execute whenever a user accesses the html file.

Severity: 7.2 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleOpenMamba: Una Distribuzione GNU/Linux Italiana Indipendente

Next Article CVE-2024-54189 – Parallels Desktop for Mac Root Privilege Escalation

This week in AI updates: Mistral’s new Le Chat features, ChatGPT updates, and more (September 5, 2025)

Designing For TV: Principles, Patterns And Practical Guidance (Part 2)

Neo4j introduces new graph architecture that allows operational and analytics workloads to be run together

Beyond the benchmarks: Understanding the coding personalities of different LLMs

Development Release: KDE Linux 20250906

Hitachi Energy Pledges $1B to Strengthen US Grid, Build Largest Transformer Plant in Virginia

How to debug a web app with Playwright MCP and GitHub Copilot

Between Strategy and Story: Thierry Chopain’s Creative Path

Health Monitoring Android App using SQLite

Health Monitoring Android App using SQLite

Convertedbook – Live LaTeX Preview in the Browser

Why browsers throttle JavaScript timers (and what to do about it)

Development Release: KDE Linux 20250906

Development Release: KDE Linux 20250906

Harnessing GitOps on Linux for Seamless, Git-First Infrastructure Management

How DevOps Teams Are Redefining Reliability with NixOS and OSTree-Powered Linux

CVE-2025-4392 – WordPress Shared Files Frontend Stored Cross-Site Scripting

Under lock and key: Safeguarding business data with encryption

Malicious npm Packages Impersonate Flashbots, Steal Ethereum Wallet Keys

CVE-2025-5432 – AssamLook CMS SQL Injection Vulnerability

ServiceNow AI Released Apriel-Nemotron-15b-Thinker: A Compact Yet Powerful Reasoning Model Optimized for Enterprise-Scale Deployment and Efficiency

HPE Aruba Network Vulnerability Exposes Sensitive Information to Hackers

Build AI-driven policy creation for vehicle data collection and automation using Amazon Bedrock

Microsoft Copilot roasts Bill Gates, Satya Nadella, and asks Steve Ballmer if his enthusiasm might ever short-circuit the AI

CVE-2025-7536 – Campcodes Sales and Inventory System SQL Injection Vulnerability

CVE-2025-7414 – Tenda O3V2 HTTPd Os Command Injection Vulnerability

DistroWatch Weekly, Issue 1122

CVE-2025-4392 – WordPress Shared Files Frontend Stored Cross-Site Scripting

Related Posts