CVE-2025-5524 – OceanWP WordPress Stored Cross-Site Scripting Vulnerability

June 19, 2025

CVE ID : CVE-2025-5524

Published : June 19, 2025, 5:15 a.m. | 17 minutes ago

Description : The OceanWP theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Select HTML tag in all versions up to, and including, 4.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 4.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-50182 – “urllib3 Browser Redirect Handling Vulnerability”

Next Article Intel Prepares Massive Layoffs: Up to 20% of Foundry Division Workforce Cut Starting July 2025

15 Essential Skills to Look for When Hiring Node.js Developers for Enterprise Projects (2025-2026)

African training program creates developers with cloud-native skills

React.js for SaaS Platforms: How Top Development Teams Help Startups Launch Faster

Upwork Freelancers vs Dedicated React.js Teams: What’s Better for Your Project in 2025?

LastPass can now warn or block logins to shadow SaaS apps – here’s how

Get up to a year of Adobe Creative Cloud access for 40% off

Got 6 hours? This free AI training from Google and Goodwill can boost your resume today

Why I recommend this budget phone with a paper-like screen over ‘minimalist’ devices

Laravel Boost, your AI coding starter kit

Laravel Boost, your AI coding starter kit

Using GitHub Copilot in VS Code

Optimizely Mission Control – Part I

Top 20 kubectl Commands Every Kubernetes Beginner Must Know

Top 20 kubectl Commands Every Kubernetes Beginner Must Know

Microsoft’s record stock run collides with Nadella’s admission that 15,000 layoffs still ‘hurt’

Microsoft and Adobe Power Up Fantasy Premier League Fans with AI – Here’s How

CVE-2025-5524 – OceanWP WordPress Stored Cross-Site Scripting Vulnerability

PlayPraetor Android Trojan Infects 11,000+ Devices via Fake Google Play Pages and Meta Ads

The Wild West of Shadow IT

CVE-2025-7218 – Campcodes Payroll Management System SQL Injection Vulnerability

Automating REST APIs with Selenium and Postman

Jasmine – web launcher and session management application

CVE-2025-4486 – iSourcecode Gym Management System SQL Injection Vulnerability

American Airlines to offer free in-flight Wi-Fi – here’s how to access it

Samsung launches One UI 8 beta – what’s new and how to join

CVE-2025-48931 – TeleMessage MD5 Password Hashing Weakness

CVE-2025-6222 – “WooCommerce Refund And Exchange with RMA – Warranty Management, Refund Policy, Manage User Wallet Arbitrary File Upload Vulnerability”

CVE-2025-5524 – OceanWP WordPress Stored Cross-Site Scripting Vulnerability

Related Posts