CVE-2025-9277 – SiteSEO – WordPress Stored Cross-Site Scripting

August 26, 2025

CVE ID : CVE-2025-9277

Published : Aug. 26, 2025, 11:15 p.m. | 3 hours, 39 minutes ago

Description : The SiteSEO – SEO Simplified plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the broken preg_replace expression in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-35114 – Agiloft Default Credentials Privilege Escalation

Next Article CVE-2025-35115 – Agiloft Insecure Package Download Vulnerability

Highlights

CVE-2025-53489 – Wikimedia Foundation Mediawiki GoogleDocs4MW Extension Cross-Site Scripting (XSS)

July 3, 2025

CVE ID : CVE-2025-53489

Published : July 3, 2025, 5:15 p.m. | 2 hours, 3 minutes ago

Description : Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Wikimedia Foundation Mediawiki – GoogleDocs4MW Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki – GoogleDocs4MW Extension: from 1.42.X before 1.42.7, from 1.43.X before 1.43.2.

Severity: 5.6 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Designing For TV: The Evergreen Pattern That Shapes TV Experiences

Amplitude launches new self-service capabilities for marketing initiatives

Microsoft packs Visual Studio August update with smarter AI features

Optimizing PWAs For Different Display Modes

Why this $25 ratchet tool beats any multitool or Swiss Army Knife I’ve ever tested

One of my favorite sports watches from 2024 just got upgrades in all the right places

Google’s AI Mode is getting more links for you not to click on

I still prefer Apple Watch over Oura Ring for 3 key reasons – but there is one big drawback

Heartbeat Collection Method in Laravel 12.26; Wayfinder Now in React and Vue Starter Kits

Heartbeat Collection Method in Laravel 12.26; Wayfinder Now in React and Vue Starter Kits

spatie/laravel-rdap

mvanduijker/laravel-mercure-broadcaster

Geekom’s A9 Max mini PC is so good that I want to turn off my desktop gaming rig — and it’s not bad at AI, either

Geekom’s A9 Max mini PC is so good that I want to turn off my desktop gaming rig — and it’s not bad at AI, either

‘There Are No Ghosts At The Grand’ looks glorious — I’m more excited than ever for this upcoming Xbox Game Pass release

Epic Games CEO Tim Sweeney says Unreal Engine 5’s performance problems aren’t about the engine — they’re about when developers choose to optimize

CVE-2025-9277 – SiteSEO – WordPress Stored Cross-Site Scripting

First known AI-powered ransomware uncovered by ESET Research

Blind Eagle’s Five Clusters Target Colombia Using RATs, Phishing Lures, and Dynamic DNS Infra

Beyond Vulnerability Management – Can You CVE What I CVE?

CVE-2025-54319 – Westermo WeOS Information Disclosure

PoC Exploit Released for Critical WebDAV 0-Day RCE Vulnerability Exploited by APT Hackers

CVE-2025-46803 – Screen PTY Escalation of Privilege

CVE-2025-53489 – Wikimedia Foundation Mediawiki GoogleDocs4MW Extension Cross-Site Scripting (XSS)

CVE-2025-48990 – NeKernal Heap Overflow

How SSL Misconfigurations Impact Your Attack Surface

SafePay ransomware: What you need to know

CVE-2025-9277 – SiteSEO – WordPress Stored Cross-Site Scripting

Related Posts