CVE-2025-4586 – WordPress IRM Newsroom Plugin Stored Cross-Site Scripting

June 13, 2025

CVE ID : CVE-2025-4586

Published : June 13, 2025, 3:15 a.m. | 2 hours, 48 minutes ago

Description : The IRM Newsroom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ‘irmcalendarview’ shortcode in all versions up to, and including, 1.2.17 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4585 – WordPress IRM Newsroom Stored Cross-Site Scripting Vulnerability

Next Article CVE-2025-47959 – Visual Studio Command Injection Vulnerability

8 Key Questions Every CEO Should Ask Before Hiring a Node.js Development Company in 2025

Vibe Loop: AI-native reliability engineering for the real world

Docker Compose gets new features for building and running agents

Why Enterprises Are Choosing AI-Driven React.js Development Companies in 2025

This discounted SSD fixed my gaming handheld’s biggest weakness — Extra storage space for Steam Deck, ASUS ROG Ally, and Lenovo Legion Go

These are the 5 Prime Day deals I’d buy if I weren’t about to have a baby

OpenAI’s $6.5 billion purchase fuels Sam Altman’s quest to build next-gen computers for “transcendentally good” AI — The biggest tech disruption since the iPhone?

Don’t miss out on the best ROG Ally accessory deals going on now — Improve your gaming handheld PC with a microSD card, power bank, dock, and more

Regolith – A JavaScript library immune to ReDoS attacks

Regolith – A JavaScript library immune to ReDoS attacks

Create Your Own Redux: Build a Custom State Management in React

Perficient Nagpur Celebrates Contentstack Implementation Certification Success!

This discounted SSD fixed my gaming handheld’s biggest weakness — Extra storage space for Steam Deck, ASUS ROG Ally, and Lenovo Legion Go

This discounted SSD fixed my gaming handheld’s biggest weakness — Extra storage space for Steam Deck, ASUS ROG Ally, and Lenovo Legion Go

These are the 5 Prime Day deals I’d buy if I weren’t about to have a baby

OpenAI’s $6.5 billion purchase fuels Sam Altman’s quest to build next-gen computers for “transcendentally good” AI — The biggest tech disruption since the iPhone?

CVE-2025-4586 – WordPress IRM Newsroom Plugin Stored Cross-Site Scripting

Chrome Zero-Day CVE-2025-6554 Under Active Attack — Google Issues Security Update

Critical Vulnerability in Anthropic’s MCP Exposes Developer Machines to Remote Exploits

Making it stick: How to get the most out of cybersecurity training

CVE-2025-28024 – TOTOLINK A810R Buffer Overflow Vulnerability

CVE-2025-4526 – Dígitro NGC Explorer Password Field Masking Vulnerability

CVE-2025-31258 – This issue was addressed by removing the vulnerabl

Unleashing the Power of AI Functions in Databricks SQL

CVE-2025-44897 – Fiberhome FW-WGS-804HPT Stack Overflow Vulnerability

CVE-2025-49789 – Apache Struts Remote Code Execution

CVE-2025-6816 – HDF5 Heap-Based Buffer Overflow Vulnerability

CVE-2025-4586 – WordPress IRM Newsroom Plugin Stored Cross-Site Scripting

Related Posts