CVE-2025-5123 – WordPress Contact People Stored Cross-Site Scripting Vulnerability

June 13, 2025

CVE ID : CVE-2025-5123

Published : June 13, 2025, 3:15 a.m. | 2 hours, 48 minutes ago

Description : The Contact Us Page – Contact People plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ parameter in all versions up to, and including, 3.7.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4584 – WordPress IRM Newsroom Stored Cross-Site Scripting Vulnerability

Next Article CVE-2025-4585 – WordPress IRM Newsroom Stored Cross-Site Scripting Vulnerability

Highlights

CVE-2025-5780 – Code-projects Patient Record Management System SQL Injection Vulnerability

June 6, 2025

CVE ID : CVE-2025-5780

Published : June 6, 2025, 3:15 p.m. | 21 minutes ago

Description : A vulnerability was found in code-projects Patient Record Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /view_dental.php. The manipulation of the argument itr_no leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

APT29 Deploys GRAPELOADER Malware Targeting European Diplomats Through Wine-Tasting Lures

Web Components: Working With Shadow DOM

Google’s new Opal tool allows users to create mini AI apps with no coding required

Designing Better UX For Left-Handed People

This week in AI dev tools: Gemini 2.5 Flash-Lite, GitLab Duo Agent Platform beta, and more (July 25, 2025)

Microsoft wants you to chat with its browser now – but can you trust this Copilot?

I tested the Dell XPS’ successor – here are the biggest upgrades (and what’s the same)

I’m a Linux pro – here are my top 5 command line backup tools for desktops and servers

Should you buy a refurbished iPad? I tried one from Back Market and here’s my verdict

elegantweb/sanitizer

elegantweb/sanitizer

Streamlined String Encryption with Laravel’s Fluent Methods

Resume PHP

Gamers bypass UK age verification with Death Stranding — no real face or VPN required

Gamers bypass UK age verification with Death Stranding — no real face or VPN required

New Xbox games launching this week, from July 28 through August 3 — Grounded 2 arrives on Xbox Game Pass

TikTok’s owner forked Microsoft’s Visual Studio Code and concerns have been raised — reports suggest it’s resource heavy and never stops ‘phoning home’

CVE-2025-5123 – WordPress Contact People Stored Cross-Site Scripting Vulnerability

Tea Dating Advice app spills sensitive data

Critical Flaws in Niagara Framework Threaten Smart Buildings and Industrial Systems Worldwide

Distribution Release: Ubuntu Studio 25.04

Pulp – skim excessive feeds

The Hidden Trade-Offs of Scriptless Automation Are You Sacrificing Strategy for Speed?

‘7 Days to Die’ meets ‘Animal Crossing’: This wholesome survival game for Xbox and PC has some interesting inspiration

CVE-2025-5780 – Code-projects Patient Record Management System SQL Injection Vulnerability

APT29 Deploys GRAPELOADER Malware Targeting European Diplomats Through Wine-Tasting Lures

CVE-2024-51453 – IBM Sterling Secure Proxy Directory Traversal Vulnerability

Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android

CVE-2025-5123 – WordPress Contact People Stored Cross-Site Scripting Vulnerability

Related Posts