CVE-2025-5398 – Ninja Forms Stored Cross-Site Scripting Vulnerability

June 27, 2025

CVE ID : CVE-2025-5398

Published : June 27, 2025, 10:15 a.m. | 54 minutes ago

Description : The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the use of a templating engine in all versions up to, and including, 3.10.2.1 due to insufficient output escaping on user data passed through the template. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleRilasciata Tails 6.17: Più Privacy e Sicurezza con le Nuove Funzionalità

Next Article CVE-2025-2940 – WordPress Easy Data Table Builder SSRF

Highlights

CVE-2025-54061 – WeGIA SQL Injection Vulnerability

July 17, 2025

CVE ID : CVE-2025-54061

Published : July 17, 2025, 3:15 p.m. | 3 hours, 21 minutes ago

Description : WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A SQL Injection vulnerability was identified in versions prior to 3.4.6 in the `idatendido_familiares` parameter of the `/html/funcionario/dependente_editarDoc.php` endpoint. This vulnerability allows attacker to manipulate SQL queries and access sensitive database information, such as table names and sensitive data. Version 3.4.6 fixes the issue.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Power Of The Intl API: A Definitive Guide To Browser-Native Internationalization

This week in AI dev tools: GPT-5, Claude Opus 4.1, and more (August 8, 2025)

Elastic simplifies log analytics for SREs and developers with launch of Log Essentials

OpenAI launches GPT-5

I compared the best headphones from Apple, Sony, Bose, and Sonos: Here’s how the AirPods Max wins

I changed these 6 settings on my iPad to significantly improve its battery life

DistroWatch Weekly, Issue 1134

3 portable power stations I travel everywhere with (and how they differ)

Next.js PWA offline capability with Service Worker, no extra package

Next.js PWA offline capability with Service Worker, no extra package

spatie/laravel-flare

Establishing Consistent Data Foundations with Laravel’s Database Population System

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Best Architecture AI Rendering Platform: 6 Tools Tested

Microsoft won’t kill off Chromium Edge and PWAs on Windows 10 until October 2028

CVE-2025-5398 – Ninja Forms Stored Cross-Site Scripting Vulnerability

Researchers Reveal ReVault Attack Targeting Dell ControlVault3 Firmware in 100+ Laptop Models

Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation

Trump Announces Pennsylvania Will Receive $90B+ in AI and Energy Investments

CVE-2025-5758 – SourceCodester Open Source Clinic Management System SQL Injection Vulnerability

Atlantic allies turn to xAI and OpenAI — Why chatbots are now a matter of national strategy

CVE-2025-44892 – Fortinet Wireless Access Point Stack Overflow Vulnerability

CVE-2025-54061 – WeGIA SQL Injection Vulnerability

CVE-2025-2801 – WordPress Create Custom Forms Plugin Arbitrary Shortcode Execution Vulnerability

Stronger Design Principles Start with One Question: ‘Versus What?’

LaunchDarkly adds new features to help developers release faster while mitigating risk

CVE-2025-5398 – Ninja Forms Stored Cross-Site Scripting Vulnerability

Related Posts