CVE-2025-5841 – WordPress ACF Onyx Poll Stored Cross-Site Scripting Vulnerability

June 13, 2025

CVE ID : CVE-2025-5841

Published : June 13, 2025, 3:15 a.m. | 2 hours, 48 minutes ago

Description : The ACF Onyx Poll plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class’ parameter in all versions up to, and including, 1.1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5926 – WordPress Link Shield CSRF

Next Article CVE-2025-5233 – WordPress Color Palette Stored Cross-Site Scripting Vulnerability

8 Key Questions Every CEO Should Ask Before Hiring a Node.js Development Company in 2025

Vibe Loop: AI-native reliability engineering for the real world

Docker Compose gets new features for building and running agents

Why Enterprises Are Choosing AI-Driven React.js Development Companies in 2025

This discounted SSD fixed my gaming handheld’s biggest weakness — Extra storage space for Steam Deck, ASUS ROG Ally, and Lenovo Legion Go

These are the 5 Prime Day deals I’d buy if I weren’t about to have a baby

OpenAI’s $6.5 billion purchase fuels Sam Altman’s quest to build next-gen computers for “transcendentally good” AI — The biggest tech disruption since the iPhone?

Don’t miss out on the best ROG Ally accessory deals going on now — Improve your gaming handheld PC with a microSD card, power bank, dock, and more

Regolith – A JavaScript library immune to ReDoS attacks

Regolith – A JavaScript library immune to ReDoS attacks

Create Your Own Redux: Build a Custom State Management in React

Perficient Nagpur Celebrates Contentstack Implementation Certification Success!

This discounted SSD fixed my gaming handheld’s biggest weakness — Extra storage space for Steam Deck, ASUS ROG Ally, and Lenovo Legion Go

This discounted SSD fixed my gaming handheld’s biggest weakness — Extra storage space for Steam Deck, ASUS ROG Ally, and Lenovo Legion Go

These are the 5 Prime Day deals I’d buy if I weren’t about to have a baby

OpenAI’s $6.5 billion purchase fuels Sam Altman’s quest to build next-gen computers for “transcendentally good” AI — The biggest tech disruption since the iPhone?

CVE-2025-5841 – WordPress ACF Onyx Poll Stored Cross-Site Scripting Vulnerability

Chrome Zero-Day CVE-2025-6554 Under Active Attack — Google Issues Security Update

Critical Vulnerability in Anthropic’s MCP Exposes Developer Machines to Remote Exploits

CVE-2025-2875 – Apache Controller Resource Disclosure Vulnerability

The AI Fix #50: AI brings dead man back for killer’s trial, and the judge loves it

CVE-2025-4264 – PHPGurukul Emergency Ambulance Hiring Portal SQL Injection Vulnerability

Distribution Release: UBports 20.04 OTA-9

CVE-2025-46580 – GoldenDB Database Information Disclosure and Privilege Escalation Vulnerability

CVE-2025-42964 – SAP NetWeaver Enterprise Portal Remote Code Execution Vulnerability

April 2025 Wallpapers Edition

CVE-2025-32974 – XWiki Cross-Site Scripting (XSS) and Privilege Escalation Vulnerability

CVE-2025-5841 – WordPress ACF Onyx Poll Stored Cross-Site Scripting Vulnerability

Related Posts