CVE-2025-2918 – WordPress Blocks Plugin Stored Cross-Site Scripting Vulnerability

June 10, 2025

CVE ID : CVE-2025-2918

Published : June 10, 2025, 12:15 p.m. | 1 hour, 32 minutes ago

Description : The Ultimate Blocks – WordPress Blocks Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-43701 – Salesforce OmniStudio FlexCards Information Disclosure Vulnerability

Next Article How To Fix Largest Contentful Paint Issues With Subpart Analysis

Highlights

CVE-2025-22235 – Spring Security Endpoint Request Denial of Service (DoS)

April 28, 2025

CVE ID : CVE-2025-22235

Published : April 28, 2025, 8:15 a.m. | 4 hours, 14 minutes ago

Description : EndpointRequest.to() creates a matcher for null/** if the actuator endpoint, for which the EndpointRequest has been created, is disabled or not exposed.

Your application may be affected by this if all the following conditions are met:

* You use Spring Security
* EndpointRequest.to() has been used in a Spring Security chain configuration
* The endpoint which EndpointRequest references is disabled or not exposed via web
* Your application handles requests to /null and this path needs protection

You are not affected if any of the following is true:

* You don’t use Spring Security
* You don’t use EndpointRequest.to()
* The endpoint which EndpointRequest.to() refers to is enabled and is exposed
* Your application does not handle requests to /null or this path does not need protection

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: Functionally, a Date

Creating Elastic And Bounce Effects With Expressive Animator

Microsoft shares Insiders preview of Visual Studio 2026

From Data To Decisions: UX Strategies For Real-Time Dashboards

DistroWatch Weekly, Issue 1139

Building personal apps with open source and AI

What Can We Actually Do With corner-shape?

Craft, Clarity, and Care: The Story and Work of Mengchu Yao

Perficient Named among Notable Providers in Forrester’s Q3 2025 Commerce Services Landscape

Perficient Named among Notable Providers in Forrester’s Q3 2025 Commerce Services Landscape

Sarah McDowell Helps Clients Build a Strong AI Foundation Through Salesforce

Championing Innovation as a Newly Named Databricks Champion

I Ran Local LLMs on My Android Phone

I Ran Local LLMs on My Android Phone

DistroWatch Weekly, Issue 1139

sudo vs sudo-rs: What You Need to Know About the Rust Takeover of Classic Sudo Command

CVE-2025-2918 – WordPress Blocks Plugin Stored Cross-Site Scripting Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

Meerdere botnets misbruiken kritiek lek in beveiligingsplatform Wazuh

5 Reasons to Use Local AI Tools Over Copilot or ChatGPT — Anyone Can Try It, so Why Wouldn’t You?

CVE-2025-8702 – Wanzhou WOES Intelligent Optimization Energy Saving System SQL Injection Vulnerability

CVE-2025-6678 – Autel MaxiCharger AC Wallbox Commercial PIN Missing Authentication Information Disclosure

CVE-2025-22235 – Spring Security Endpoint Request Denial of Service (DoS)

Bose re-enters the premium earbuds game, promising small but mighty upgrades to its Ultra earbuds

How to Use a Foreign Key in Django

Katvan is an editor for Typst files

CVE-2025-2918 – WordPress Blocks Plugin Stored Cross-Site Scripting Vulnerability

Related Posts