CVE-2025-5537 – FooBox Stored Cross-Site Scripting Vulnerability

July 8, 2025

CVE ID : CVE-2025-5537

Published : July 8, 2025, 5:15 a.m. | 1 hour, 36 minutes ago

Description : The Lightbox & Modal Popup WordPress Plugin – FooBox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image alternative texts in all versions up to, and including, 2.7.34 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5957 – “WordPress Guest Support Unauthenticated Ticket Deletion Vulnerability”

Next Article CVE-2025-7161 – PHPGurukul Zoo Management System SQL Injection Vulnerability

Highlights

CVE-2025-1253 – RTI Connext Professional Classic Buffer Overflow

May 8, 2025

CVE ID : CVE-2025-1253

Published : May 8, 2025, 9:15 a.m. | 2 hours, 52 minutes ago

Description : Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’) vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.7, from 4.5 before 6.1.2.23.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Anthropic proposes transparency framework for frontier AI development

Sonatype Open Source Malware Index, Gemini API Batch Mode, and more – Daily News Digest

15 Top Node.js Development Service Providers for Large Enterprises in 2026

Droip: The Modern Website Builder WordPress Needed

The gaming headset I use every day is slashed to its lowest price ever thanks to Amazon Prime Day — “stellar battery life” awaits

How passkeys work: The complete guide to your inevitable passwordless future

This Sony OLED TV is my pick for best Prime Day deal – and it’s the last chance to get 50% off

Blizzard announces release date for World of Warcraft: The War Within’s 3rd major content patch — a patch that will feature the largest, city-sized raid boss in MMORPG history

Top PHP Projects for B.Tech Students: Learn Real Skills with PHPGurukul Projects

Top PHP Projects for B.Tech Students: Learn Real Skills with PHPGurukul Projects

Deno 2.4: deno bundle is back

From Silos to Synergy: Accelerating Your AI Journey

The gaming headset I use every day is slashed to its lowest price ever thanks to Amazon Prime Day — “stellar battery life” awaits

The gaming headset I use every day is slashed to its lowest price ever thanks to Amazon Prime Day — “stellar battery life” awaits

Blizzard announces release date for World of Warcraft: The War Within’s 3rd major content patch — a patch that will feature the largest, city-sized raid boss in MMORPG history

Microsoft recently raised the price of the Xbox Series S, but these retailers just dropped it back down again — close to the old price, but not for long

CVE-2025-5537 – FooBox Stored Cross-Site Scripting Vulnerability

CVE-2025-49697 – Microsoft Office Heap Buffer Overflow Vulnerability

CVE-2025-49701 – Microsoft Office SharePoint Cross-Site Scripting (XSS)

Repeat Strings Efficiently with Laravel’s Str::repeat Method

CVE-2025-33053 – Apache HTTP Server Path Traversal Vulnerability

How to Choose a Software Development Company: A Comprehensive Guide

How Salesforce achieves high-performance model deployment with Amazon SageMaker AI

CVE-2025-1253 – RTI Connext Professional Classic Buffer Overflow

CVE-2025-46807 – SSLH File Descriptor Exhaustion Denial of Service

CVE-2025-4653 – Pandora ITSM Command Injection

CVE-2025-4433 – Devolutions Server Privilege Escalation Vulnerability

CVE-2025-5537 – FooBox Stored Cross-Site Scripting Vulnerability

Related Posts