CVE-2025-5534 – “ESV Bible Shortcode for WordPress Stored Cross-Site Scripting”

June 6, 2025

CVE ID : CVE-2025-5534

Published : June 6, 2025, 7:15 a.m. | 33 minutes ago

Description : The ESV Bible Shortcode for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘esv’ shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5486 – WordPress WP Email Debug Privilege Escalation

Next Article CVE-2025-5533 – WordPress Knowledge Base Stored Cross-Site Scripting Vulnerability

How To Prevent WordPress SQL Injection Attacks

Java never goes out of style: Celebrating 30 years of the language

OpenAI o3-pro available in the API, BrowserStack adds Playwright support for real iOS devices, and more – Daily News Digest

Creating The “Moving Highlight” Navigation Bar With JavaScript And CSS

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Sam Altman says “OpenAI was forced to do a lot of unnatural things” to meet the Ghibli memes demand surge

5 things we didn’t get from the Xbox Games Showcase, because Xbox obviously hates me personally

Minecraft Vibrant Visuals finally has a release date and it’s dropping with the Happy Ghasts

QAQ-QQ-AI-QUEST

QAQ-QQ-AI-QUEST

JS Dark Arts: Abusing prototypes and the Result type

Helpful Git Aliases To Maximize Developer Productivity

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Sam Altman says “OpenAI was forced to do a lot of unnatural things” to meet the Ghibli memes demand surge

5 things we didn’t get from the Xbox Games Showcase, because Xbox obviously hates me personally

CVE-2025-5534 – “ESV Bible Shortcode for WordPress Stored Cross-Site Scripting”

Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion

Paragon Spyware used to Spy on European Journalists

PBXware is a Linux telephony platform distribution

Google’s AI Overviews will decimate your business – here’s what you need to do

PanVK: il driver Vulkan open-source per GPU ARM Mali raggiunge la conformità Vulkan 1.1

Despite Microsoft’s ‘sneaky tactic,’ this discounted Surface Pro 11 costs the same as the Surface Pro 12-inch

Raidou Remastered feels more like a proper Pokémon action-RPG than Palworld, and I can’t get enough of this cult classic

Microsoft blocks emails from employees that mention “Palestine,” “Gaza,” or “genocide”

APT41/RedGolf Infrastructure Briefly Exposed: Fortinet Zero-Days Targeted Shiseido

Critical Erlang/OTP SSH RCE bug now has public exploits, patch now

CVE-2025-5534 – “ESV Bible Shortcode for WordPress Stored Cross-Site Scripting”

Related Posts