CVE-2025-49858 – Arconix Shortcodes Cross-site Scripting (XSS)

June 17, 2025

CVE ID : CVE-2025-49858

Published : June 17, 2025, 3:15 p.m. | 3 hours, 12 minutes ago

Description : Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in tychesoftwares Arconix Shortcodes allows Stored XSS. This issue affects Arconix Shortcodes: from n/a through 2.1.17.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-49859 – Etuel WP Views Counter Cross-Site Scripting (XSS)

Next Article CVE-2025-49857 – WPExperts.io myCred Missing Authorization Vulnerability

Highlights

CVE-2025-3435 – Mang Board WP Stored Cross-Site Scripting Vulnerability

April 24, 2025

CVE ID : CVE-2025-3435

Published : April 24, 2025, 4:15 a.m. | 3 hours, 25 minutes ago

Description : The Mang Board WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the board_header and board_footer parameters in all versions up to, and including, 1.8.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

Severity: 4.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

ScyllaDB X Cloud’s autoscaling capabilities meet the needs of unpredictable workloads in real time

Parasoft C/C++test 2025.1, Secure Code Warrior AI Security Rules, and more – Daily News Digest

What I Wish Someone Told Me When I Was Getting Into ARIA

SD Times 100

Clair Obscur: Expedition 33 is a masterpiece, but I totally skipped parts of it (and I won’t apologize)

This Xbox game emotionally wrecked me in less than four hours… I’m going to go hug my cat now

Top 5 desktop PC case features that I can’t live without — and neither should you

‘No aggressive monetization’ — Nexus Mods’ new ownership responds to worried members

Build AI Agents That Run Your Day – While You Focus on What Matters

Build AI Agents That Run Your Day – While You Focus on What Matters

Faster Builds in Meteor 3.3: Modern Build Stack with SWC and Bundler Optimizations

How to Change Redirect After Login/Register in Laravel Breeze

Clair Obscur: Expedition 33 is a masterpiece, but I totally skipped parts of it (and I won’t apologize)

Clair Obscur: Expedition 33 is a masterpiece, but I totally skipped parts of it (and I won’t apologize)

This Xbox game emotionally wrecked me in less than four hours… I’m going to go hug my cat now

Top 5 desktop PC case features that I can’t live without — and neither should you

CVE-2025-49858 – Arconix Shortcodes Cross-site Scripting (XSS)

New Flodrix Botnet Variant Exploits Langflow AI Server RCE Bug to Launch DDoS Attacks

Hard-Coded ‘b’ Password in Sitecore XP Sparks Major RCE Risk in Enterprise Deployments

CVE-2025-41431 – BIG-IP Traffic Management Microkernel (TMM) Denial of Service

InterVision accelerates AI development using AWS LLM League and Amazon SageMaker AI

CVE-2025-5111 – FreeFloat FTP Server TYPE Command Handler Remote Buffer Overflow Vulnerability

CVE-2025-5814 – WordPress Profiler Data Modification Vulnerability

CVE-2025-3435 – Mang Board WP Stored Cross-Site Scripting Vulnerability

CVE-2025-49282 – Unfoldwp Magze PHP Remote File Inclusion

lscoltui lets you change the colours of ls

CVE-2025-6119 – Open Asset Import Library Assimp Use After Free Vulnerability

CVE-2025-49858 – Arconix Shortcodes Cross-site Scripting (XSS)

Related Posts