CVE-2025-6012 – WordPress Auto Attachments Stored Cross-Site Scripting Vulnerability

June 13, 2025

CVE ID : CVE-2025-6012

Published : June 13, 2025, 8:15 a.m. | 1 hour, 49 minutes ago

Description : The Auto Attachments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

Severity: 5.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46783 – RICOH Streamline NX V3 PC Client Remote Code Execution

Next Article CVE-2025-39240 – Hikvision Wireless Access Point Authenticated Remote Command Execution Vulnerability

Highlights

CVE-2025-5130 – Tmall Demo Unrestricted File Upload Vulnerability

May 24, 2025

CVE ID : CVE-2025-5130

Published : May 24, 2025, 8:15 p.m. | 39 minutes ago

Description : A vulnerability was found in Tmall Demo up to 20250505. It has been classified as critical. This affects the function uploadProductImage of the file tmall/admin/uploadProductImage. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 4.7 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

This week in AI dev tools: Gemini API Batch Mode, Amazon SageMaker AI updates, and more (July 11, 2025)

JFrog finds MCP-related vulnerability, highlighting need for stronger focus on security in MCP ecosystem

8 Key Questions Every CEO Should Ask Before Hiring a Node.js Development Company in 2025

Vibe Loop: AI-native reliability engineering for the real world

DistroWatch Weekly, Issue 1130

Distribution Release: GParted Live 1.7.0-8

Distribution Release: CachyOS 250713

Most AI projects are abandoned – 5 ways to ensure your data efforts succeed

The details of TC39’s last meeting

The details of TC39’s last meeting

new Date(“wtf”) – How well do you know JavaScript’s Date class?

Francisco Bergeret Paves the Way Through Strong Leadership at Perficient

DistroWatch Weekly, Issue 1130

DistroWatch Weekly, Issue 1130

Distribution Release: GParted Live 1.7.0-8

Distribution Release: CachyOS 250713

CVE-2025-6012 – WordPress Auto Attachments Stored Cross-Site Scripting Vulnerability

Critical Cisco Vulnerability in Unified CM Grants Root Access via Static Credentials

Critical Vulnerability in Anthropic’s MCP Exposes Developer Machines to Remote Exploits

How to Work with React Forms So They Don’t Break Your Brain

Fallout TV series Season 2 gets release window, and the show is already renewed for Season 3

Don’t miss out on these massive discounts for two of our favorite wireless and wired gaming headsets

As game prices rise, this excellent Hall Effect controller just dropped in price

CVE-2025-5130 – Tmall Demo Unrestricted File Upload Vulnerability

Critical WordPress Plugin Vulnerability Exposes 200k Websites to Site Takeover Attack

CVE-2023-44753 – Student Management System Stored Cross-Site Scripting Vulnerability

ESET APT Activity Report Q4 2024–Q1 2025

CVE-2025-6012 – WordPress Auto Attachments Stored Cross-Site Scripting Vulnerability

Related Posts