CVE-2025-6488 – WordPress isMobile Stored Cross-Site Scripting Vulnerability

June 27, 2025

CVE ID : CVE-2025-6488

Published : June 27, 2025, 5:15 a.m. | 1 hour, 53 minutes ago

Description : The isMobile plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘device’ parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6753 – Huija BicycleSharingServer SQL Injection Vulnerability

Next Article CVE-2025-45737 – NetEase NeacSafe64 Elevation of Privilege

tRPC vs GraphQL vs REST: Choosing the right API design for modern web applications

Jakarta EE 11 Platform launches with modernized Test Compatibility Kit framework

Can Good UX Protect Older Users From Digital Scams?

Warp 2.0 evolves terminal experience into an Agentic Development Environment

Microsoft Copilot secures a spot in classrooms as a “thought partner” — with Copilot Chat backed by OpenAI’s GPT-4o

OpenAI started as a “countervailing force” to Google — did Elon Musk and Sam Altman torpedo DeepMind’s plans to dictate AGI?

Gears of War: Reloaded preorders — where to buy and everything you need to know

OpenAI’s Sam Altman breaks silence on Microsoft feud with Satya Nadella — citing “points of tension” amid evolution plans

Are Semantic Layers Sexy Again? or The Rise and Fall and Rise of Semantic Layers

Are Semantic Layers Sexy Again? or The Rise and Fall and Rise of Semantic Layers

Salesforce Marketing Cloud Engagement vs. Oracle Eloqua

Exploring Lucidworks Fusion and Coveo Using Apache Solr

Microsoft Copilot secures a spot in classrooms as a “thought partner” — with Copilot Chat backed by OpenAI’s GPT-4o

Microsoft Copilot secures a spot in classrooms as a “thought partner” — with Copilot Chat backed by OpenAI’s GPT-4o

OpenAI started as a “countervailing force” to Google — did Elon Musk and Sam Altman torpedo DeepMind’s plans to dictate AGI?

Gears of War: Reloaded preorders — where to buy and everything you need to know

CVE-2025-6488 – WordPress isMobile Stored Cross-Site Scripting Vulnerability

CVE-2025-47824 – Flock Safety LPR Cleartext Code Storage Vulnerability

CVE-2025-6750 – HDF5 Heap-Based Buffer Overflow Vulnerability

Amfora is a terminal browser for the Gemini protocol

My Hollow Knight: Silksong hopes were dashed by Summer Game Fest, but the Xbox Games Showcase might deliver

How to Split Data with Newline Characters into Separate Rows in Excel Using Power Query

Rilasciata CachyOS Maggio 2025: Miglioramenti per GPU NVIDIA e Novità per il Gaming

Word to the wise: Beware of fake Docusign emails

FOSS Weekly #25.15: Clapgrep, APT 3.0, Vibe Coding, AI in Firefox and More

How Google’s AI combats new scam tactics – and how you can stay one step ahead

CVE-2025-6351 – iSourcecode Employee Record Management System SQL Injection

CVE-2025-6488 – WordPress isMobile Stored Cross-Site Scripting Vulnerability

Related Posts