CVE-2025-49185 – WordPress Cross-Site Scripting Vulnerability

June 12, 2025

CVE ID : CVE-2025-49185

Published : June 12, 2025, 2:15 p.m. | 1 hour, 46 minutes ago

Description : The web application is susceptible to cross-site-scripting attacks. An attacker who can create new dashboard widgets can inject malicious JavaScript code into the Transform Function which will be executed when the widget receives data from its data source.

Severity: 5.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-49187 – Apache HTTP Server Username Brute Forcing

Next Article CVE-2025-49184 – Apache Product Information Disclosure Vulnerability

Highlights

CVE-2025-5490 – WordPress Football Pool Stored Cross-Site Scripting Vulnerability

June 19, 2025

CVE ID : CVE-2025-5490

Published : June 19, 2025, 6:15 a.m. | 4 hours, 21 minutes ago

Description : The Football Pool plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.12.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

Severity: 5.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Web Components: Working With Shadow DOM

Google’s new Opal tool allows users to create mini AI apps with no coding required

Designing Better UX For Left-Handed People

This week in AI dev tools: Gemini 2.5 Flash-Lite, GitLab Duo Agent Platform beta, and more (July 25, 2025)

Microsoft wants you to chat with its browser now – but can you trust this Copilot?

I tested the Dell XPS’ successor – here are the biggest upgrades (and what’s the same)

I’m a Linux pro – here are my top 5 command line backup tools for desktops and servers

Should you buy a refurbished iPad? I tried one from Back Market and here’s my verdict

elegantweb/sanitizer

elegantweb/sanitizer

Streamlined String Encryption with Laravel’s Fluent Methods

Resume PHP

Gamers bypass UK age verification with Death Stranding — no real face or VPN required

Gamers bypass UK age verification with Death Stranding — no real face or VPN required

New Xbox games launching this week, from July 28 through August 3 — Grounded 2 arrives on Xbox Game Pass

TikTok’s owner forked Microsoft’s Visual Studio Code and concerns have been raised — reports suggest it’s resource heavy and never stops ‘phoning home’

CVE-2025-49185 – WordPress Cross-Site Scripting Vulnerability

Tea Dating Advice app spills sensitive data

Critical Flaws in Niagara Framework Threaten Smart Buildings and Industrial Systems Worldwide

How to Use Google Authenticator

Copilot is now capable of File Search, and it will look into users’ files to provide answers

CVE-2025-30102 – Dell PowerScale OneFS Out-of-Bounds Write Vulnerability

CVE-2025-4779 – Lunary Ai Lunary Stored Cross-Site Scripting (XSS)

CVE-2025-5490 – WordPress Football Pool Stored Cross-Site Scripting Vulnerability

Best USB WiFi Adapter For Kali Linux 2025 [Updated March]

Surface Pro 2-in-1 (2024) with Snapdragon X Elite drops to $1,170 in rare Amazon deal

CVE-2025-53327 – Aioseo Multibyte Descriptions CSRF

CVE-2025-49185 – WordPress Cross-Site Scripting Vulnerability

Related Posts