CVE-2025-4955 – Tarteaucitron.io WordPress Stored Cross-site Scripting Vulnerability

June 18, 2025

CVE ID : CVE-2025-4955

Published : June 18, 2025, 6:15 a.m. | 15 minutes ago

Description : The tarteaucitron.io WordPress plugin before 1.9.5 uses query parameters from YouTube oEmbed URLs without sanitizing these parameters correctly, which could allow users with the contributor role and above to perform Stored Cross-site Scripting attacks.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCodeSOD: Stop Being So ####

Next Article CVE-2025-51381 – KCM3100 LAN Authentication Bypass Vulnerability

Modernizing your approach to governance, risk and compliance

ScyllaDB X Cloud’s autoscaling capabilities meet the needs of unpredictable workloads in real time

Parasoft C/C++test 2025.1, Secure Code Warrior AI Security Rules, and more – Daily News Digest

What I Wish Someone Told Me When I Was Getting Into ARIA

Hades 2 gets another major update bringing new art, godly powers, and romance as Supergiant gets ready for the game’s full release

Sam Altman says OpenAI could need a “significant fraction” of the Earth’s power for future artificial intelligence computing

Microsoft’s Windows 95 testing phase was so intense that it crashed cash registers with over $10,000 worth of software

The biggest rival for Microsoft’s Xbox Ally is Valve’s Steam Deck, not Switch 2, so stop comparing the wrong gaming handhelds

Microsoft Copilot for Power Platform

Microsoft Copilot for Power Platform

Integrate Coveo Atomic CLI-Based Hosted Search Page into Adobe Experience Manager (AEM)

Mastering TypeScript: Your Ultimate Guide to Types, Inference & Compatibility

Hades 2 gets another major update bringing new art, godly powers, and romance as Supergiant gets ready for the game’s full release

Hades 2 gets another major update bringing new art, godly powers, and romance as Supergiant gets ready for the game’s full release

Sam Altman says OpenAI could need a “significant fraction” of the Earth’s power for future artificial intelligence computing

Microsoft’s Windows 95 testing phase was so intense that it crashed cash registers with over $10,000 worth of software

CVE-2025-4955 – Tarteaucitron.io WordPress Stored Cross-site Scripting Vulnerability

Two Distinct Botnets Exploit Wazuh Server Vulnerability to Launch Mirai-Based Attacks

Over 70 Organizations Across Multiple Sectors Targeted by China-Linked Cyber Espionage Group

The Baseline Netlify extension has shipped

How an ‘internet of agents’ could help AIs connect and work together

Biophysical Brain Models Get a 2000× Speed Boost: Researchers from NUS, UPenn, and UPF Introduce DELSSOME to Replace Numerical Integration with Deep Learning Without Sacrificing Accuracy

How Rufus doubled their inference speed and handled Prime Day traffic with AWS AI chips and parallel decoding

A Deep Technical Dive into Next-Generation Interoperability Protocols: Model Context Protocol (MCP), Agent Communication Protocol (ACP), Agent-to-Agent Protocol (A2A), and Agent Network Protocol (ANP)

CVE-2025-47462 – Ohidul Islam Challan CSRF Privilege Escalation

LLMs Still Struggle to Cite Medical Sources Reliably: Stanford Researchers Introduce SourceCheckup to Audit Factual Support in AI-Generated Responses

CVE-2025-1948 – Jetty HTTP/2 Buffer Overflow

CVE-2025-4955 – Tarteaucitron.io WordPress Stored Cross-site Scripting Vulnerability

Related Posts