CVE-2025-6488 – WordPress isMobile Stored Cross-Site Scripting Vulnerability

June 27, 2025

CVE ID : CVE-2025-6488

Published : June 27, 2025, 5:15 a.m. | 1 hour, 53 minutes ago

Description : The isMobile plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘device’ parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6753 – Huija BicycleSharingServer SQL Injection Vulnerability

Next Article CVE-2025-45737 – NetEase NeacSafe64 Elevation of Privilege

Highlights

CVE-2025-36041 – IBM MQ Operator Private Key Configuration Vulnerability

June 15, 2025

CVE ID : CVE-2025-36041

Published : June 15, 2025, 1:15 p.m. | 12 hours, 6 minutes ago

Description : IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1 through 3.5.3, and MQ Operator SC2 3.2.0 through 3.2.12 Native HA CRR could be configured with a private key and chain other than the intended key which could disclose sensitive information or allow the attacker to perform unauthorized actions.

Severity: 4.7 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Coded Smorgasbord: High Strung

Chainguard launches trusted collection of verified JavaScript libraries

CData launches Connect AI to provide agents access to enterprise data sources

PostgreSQL 18 adds asynchronous I/O to improve performance

Distribution Release: Neptune 9.0

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

Development Release: MX Linux 25 Beta 1

PHP 8.5.0 RC 1 available for testing

PHP 8.5.0 RC 1 available for testing

Terraform Code Generator Using Ollama and CodeGemma

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

Distribution Release: Neptune 9.0

Distribution Release: Neptune 9.0

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

Distribution Release: Kali Linux 2025.3

CVE-2025-6488 – WordPress isMobile Stored Cross-Site Scripting Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

CVE-2025-48288 – Element Invader Elementor Stored Cross-Site Scripting

CVE-2025-0602 – “SolidWorks Collaborative Industry Innovator Stored XSS Vulnerability”

Ultimate ChatGPT-5 Prompt Guide: 52 Ideas for Any Task

CVE-2025-46746 – Citrix SharePoint Information Disclosure

CVE-2025-36041 – IBM MQ Operator Private Key Configuration Vulnerability

Mozilla VPN Linux App is Now Available on Flathub

CVE-2025-3272 – OpenText Operations Bridge Manager Password Change Bypass

CVE-2025-46249 – Elementor Simple Calendar CSRF

CVE-2025-6488 – WordPress isMobile Stored Cross-Site Scripting Vulnerability

Related Posts