CVE-2025-8490 – All-in-One WP Migration and Backup Stored Cross-Site Scripting Vulnerability

August 26, 2025

CVE ID : CVE-2025-8490

Published : Aug. 27, 2025, 12:15 a.m. | 2 hours, 39 minutes ago

Description : The All-in-One WP Migration and Backup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Import in all versions up to, and including, 7.97 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

Severity: 4.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleThunderbird 142 Lets You Add Signatures to PDFs In-App

Next Article CVE-2025-35113 – Agiloft Remote Code Execution Vulnerability

Optimizing PWAs For Different Display Modes

Node.js Web App Development Costs: A 2025 Executive Pricing Guide

Google locking down Android security with upcoming developer verification requirements for sideloaded apps

Microsoft donates DocumentDB to the Linux Foundation

Google can translate your voice in real time now – try it free

The one-click Linux app I use for instant online anonymity

You can try Android 16’s new lock screen widgets – if you have one of these phones

Apple’s iPhone 17 event launch date is official – here’s everything we expect

Password Strength Estimator Validation in Laravel

Password Strength Estimator Validation in Laravel

Laravel’s Enhanced String Validation with Inverse Methods

Using SQLite in production with Laravel

Microsoft Excel just got a Copilot function — but the new AI has some surprising limitations

Microsoft Excel just got a Copilot function — but the new AI has some surprising limitations

Why Final Fantasy XIV fans are review‑bombing the game on Steam

Google Chrome VPN under fire for secretly screenshotting users’ browsing habits

CVE-2025-8490 – All-in-One WP Migration and Backup Stored Cross-Site Scripting Vulnerability

Yemen Cyber Army hacker jailed after stealing millions of people’s data

CISA Adds Three Exploited Vulnerabilities to KEV Catalog Affecting Citrix and Git

FIN7 Deploys Anubis Backdoor to Hijack Windows Systems via Compromised SharePoint Sites

GitHub for Beginners: Test-driven development (TDD) with GitHub Copilot

Docmost is a collaborative wiki and documentation software

CVE-2025-38168 – “ARM-NI Linux Kernel Perf PMU Unregister Vulnerability”

Using Pages CMS for Static Site Content Management

This tiny power bank solves the biggest problem I had with charging my phone

CVE-2025-20693 – Intel Wireless LAN STA Driver Out-of-Bounds Read Information Disclosure Vulnerability

DOS Browser – lightweight browser designed for retro computing enthusiasts

CVE-2025-8490 – All-in-One WP Migration and Backup Stored Cross-Site Scripting Vulnerability

Related Posts