{
"Source": "CVE FEED",
"Title": "CVE-2025-3584 - WordPress Newsletter Stored Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-3584
Published : June 3, 2025, 6:15 a.m. | 18 minutes ago
Description : The Newsletter WordPress plugin before 8.8.2 does not sanitise and escape some of its Subscription settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-3584 - WordPress Newsletter Stored Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-3584
Published : June 3, 2025, 6:15 a.m. | 18 minutes ago
Description : The Newsletter WordPress plugin before 8.8.2 does not sanitise and escape some of its Subscription settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-4567 - WordPress Post Slider Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-4567
Published : June 3, 2025, 6:15 a.m. | 18 minutes ago
Description : The Post Slider and Post Carousel with Post Vertical Scrolling Widget WordPress plugin before 3.2.10 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-4567 - WordPress Post Slider Cross-Site Scripting Vulnerability",
"Content": "CVE ID : CVE-2025-4567
Published : June 3, 2025, 6:15 a.m. | 18 minutes ago
Description : The Post Slider and Post Carousel with Post Vertical Scrolling Widget WordPress plugin before 3.2.10 does not validate and escape some of its Widget options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
Severity: 0.0 | NA
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-21480 - NVIDIA GPU Micronode Command Execution Memory Corruption",
"Content": "CVE ID : CVE-2025-21480
Published : June 3, 2025, 6:15 a.m. | 18 minutes ago
Description : Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-21480 - NVIDIA GPU Micronode Command Execution Memory Corruption",
"Content": "CVE ID : CVE-2025-21480
Published : June 3, 2025, 6:15 a.m. | 18 minutes ago
Description : Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-21485 - Apache Kafka FastRPC Memory Corruption Vulnerability",
"Content": "CVE ID : CVE-2025-21485
Published : June 3, 2025, 6:15 a.m. | 18 minutes ago
Description : Memory corruption while processing INIT and multimode invoke IOCTL calls on FastRPC.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-21485 - Apache Kafka FastRPC Memory Corruption Vulnerability",
"Content": "CVE ID : CVE-2025-21485
Published : June 3, 2025, 6:15 a.m. | 18 minutes ago
Description : Memory corruption while processing INIT and multimode invoke IOCTL calls on FastRPC.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-21486 - Apache HTTP Server Heap Overflow",
"Content": "CVE ID : CVE-2025-21486
Published : June 3, 2025, 6:15 a.m. | 18 minutes ago
Description : Memory corruption during dynamic process creation call when client is only passing address and length of shell binary.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-21486 - Apache HTTP Server Heap Overflow",
"Content": "CVE ID : CVE-2025-21486
Published : June 3, 2025, 6:15 a.m. | 18 minutes ago
Description : Memory corruption during dynamic process creation call when client is only passing address and length of shell binary.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-27029 - Cisco Router Denial of Service",
"Content": "CVE ID : CVE-2025-27029
Published : June 3, 2025, 6:15 a.m. | 18 minutes ago
Description : Transient DOS while processing the tone measurement response buffer when the response buffer is out of range.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-27029 - Cisco Router Denial of Service",
"Content": "CVE ID : CVE-2025-27029
Published : June 3, 2025, 6:15 a.m. | 18 minutes ago
Description : Transient DOS while processing the tone measurement response buffer when the response buffer is out of range.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-27031 - Cisco Router IOCTL Memory Corruption",
"Content": "CVE ID : CVE-2025-27031
Published : June 3, 2025, 6:15 a.m. | 18 minutes ago
Description : memory corruption while processing IOCTL commands, when the buffer in write loopback mode is accessed after being freed.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-27031 - Cisco Router IOCTL Memory Corruption",
"Content": "CVE ID : CVE-2025-27031
Published : June 3, 2025, 6:15 a.m. | 18 minutes ago
Description : memory corruption while processing IOCTL commands, when the buffer in write loopback mode is accessed after being freed.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2024-53020 - Apache Tomcat RTP Information Disclosure Vulnerability",
"Content": "CVE ID : CVE-2024-53020
Published : June 3, 2025, 6:15 a.m. | 18 minutes ago
Description : Information disclosure may occur while decoding the RTP packet with invalid header extension from network.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2024-53020 - Apache Tomcat RTP Information Disclosure Vulnerability",
"Content": "CVE ID : CVE-2024-53020
Published : June 3, 2025, 6:15 a.m. | 18 minutes ago
Description : Information disclosure may occur while decoding the RTP packet with invalid header extension from network.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2024-53021 - F5 Big-IP Information Disclosure Vulnerability",
"Content": "CVE ID : CVE-2024-53021
Published : June 3, 2025, 6:15 a.m. | 18 minutes ago
Description : Information disclosure may occur while processing goodbye RTCP packet from network.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2024-53021 - F5 Big-IP Information Disclosure Vulnerability",
"Content": "CVE ID : CVE-2024-53021
Published : June 3, 2025, 6:15 a.m. | 18 minutes ago
Description : Information disclosure may occur while processing goodbye RTCP packet from network.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2024-53026 - Nokia IMS RTCP Packet Information Disclosure Vulnerability",
"Content": "CVE ID : CVE-2024-53026
Published : June 3, 2025, 6:15 a.m. | 18 minutes ago
Description : Information disclosure when an invalid RTCP packet is received during a VoLTE/VoWiFi IMS call.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2024-53026 - Nokia IMS RTCP Packet Information Disclosure Vulnerability",
"Content": "CVE ID : CVE-2024-53026
Published : June 3, 2025, 6:15 a.m. | 18 minutes ago
Description : Information disclosure when an invalid RTCP packet is received during a VoLTE/VoWiFi IMS call.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2024-53019 - Cisco RTP Information Disclosure Vulnerability",
"Content": "CVE ID : CVE-2024-53019
Published : June 3, 2025, 6:15 a.m. | 18 minutes ago
Description : Information disclosure may occur while decoding the RTP packet with improper header length for number of contributing sources.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2024-53019 - Cisco RTP Information Disclosure Vulnerability",
"Content": "CVE ID : CVE-2024-53019
Published : June 3, 2025, 6:15 a.m. | 18 minutes ago
Description : Information disclosure may occur while decoding the RTP packet with improper header length for number of contributing sources.
Severity: 8.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-21463 - Cisco Wireless EHT IE Beacon Frame Processing Denial of Service",
"Content": "CVE ID : CVE-2025-21463
Published : June 3, 2025, 6:15 a.m. | 18 minutes ago
Description : Transient DOS while processing the EHT operation IE in the received beacon frame.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-21463 - Cisco Wireless EHT IE Beacon Frame Processing Denial of Service",
"Content": "CVE ID : CVE-2025-21463
Published : June 3, 2025, 6:15 a.m. | 18 minutes ago
Description : Transient DOS while processing the EHT operation IE in the received beacon frame.
Severity: 7.5 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2024-53013 - Google Android Audio Call Registration Buffer Overflow",
"Content": "CVE ID : CVE-2024-53013
Published : June 3, 2025, 6:15 a.m. | 18 minutes ago
Description : Memory corruption may occur while processing voice call registration with user.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2024-53013 - Google Android Audio Call Registration Buffer Overflow",
"Content": "CVE ID : CVE-2024-53013
Published : June 3, 2025, 6:15 a.m. | 18 minutes ago
Description : Memory corruption may occur while processing voice call registration with user.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2024-53015 - Apache VFS Filesystem Buffer Overflow",
"Content": "CVE ID : CVE-2024-53015
Published : June 3, 2025, 6:15 a.m. | 18 minutes ago
Description : Memory corruption while processing IOCTL command to handle buffers associated with a session.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2024-53015 - Apache VFS Filesystem Buffer Overflow",
"Content": "CVE ID : CVE-2024-53015
Published : June 3, 2025, 6:15 a.m. | 18 minutes ago
Description : Memory corruption while processing IOCTL command to handle buffers associated with a session.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2024-53016 - Canon Camera Off-Path Memory Corruption Vulnerability",
"Content": "CVE ID : CVE-2024-53016
Published : June 3, 2025, 6:15 a.m. | 18 minutes ago
Description : Memory corruption while processing I2C settings in Camera driver.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2024-53016 - Canon Camera Off-Path Memory Corruption Vulnerability",
"Content": "CVE ID : CVE-2024-53016
Published : June 3, 2025, 6:15 a.m. | 18 minutes ago
Description : Memory corruption while processing I2C settings in Camera driver.
Severity: 6.6 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-46355 - PC Time Tracer Elevation of Privilege Vulnerability",
"Content": "CVE ID : CVE-2025-46355
Published : June 3, 2025, 8:15 a.m. | 20 minutes ago
Description : Incorrect default permissions issue in PC Time Tracer prior to 5.2. If exploited, arbitrary code may be executed with SYSTEM privilege on Windows system where the product is running by a local authenticated attacker.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-46355 - PC Time Tracer Elevation of Privilege Vulnerability",
"Content": "CVE ID : CVE-2025-46355
Published : June 3, 2025, 8:15 a.m. | 20 minutes ago
Description : Incorrect default permissions issue in PC Time Tracer prior to 5.2. If exploited, arbitrary code may be executed with SYSTEM privilege on Windows system where the product is running by a local authenticated attacker.
Severity: 7.3 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-41428 - TimeWorks Path Traversal Vulnerability",
"Content": "CVE ID : CVE-2025-41428
Published : June 3, 2025, 8:15 a.m. | 20 minutes ago
Description : Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in TimeWorks 10.0 to 10.3. If exploited, arbitrary JSON files on the server may be viewed by a remote unauthenticated attacker.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-41428 - TimeWorks Path Traversal Vulnerability",
"Content": "CVE ID : CVE-2025-41428
Published : June 3, 2025, 8:15 a.m. | 20 minutes ago
Description : Improper limitation of a pathname to a restricted directory ('Path Traversal') issue exists in TimeWorks 10.0 to 10.3. If exploited, arbitrary JSON files on the server may be viewed by a remote unauthenticated attacker.
Severity: 5.3 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-21479 - NVIDIA GPU Unauthenticated Command Execution Vulnerability",
"Content": "CVE ID : CVE-2025-21479
Published : June 3, 2025, 7:15 a.m. | 1 hour, 20 minutes ago
Description : Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-21479 - NVIDIA GPU Unauthenticated Command Execution Vulnerability",
"Content": "CVE ID : CVE-2025-21479
Published : June 3, 2025, 7:15 a.m. | 1 hour, 20 minutes ago
Description : Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-31359 - Parallels Desktop Directory Traversal Vulnerability",
"Content": "CVE ID : CVE-2025-31359
Published : June 3, 2025, 10:15 a.m. | 21 minutes ago
Description : A directory traversal vulnerability exists in the PVMP package unpacking functionality of Parallels Desktop for Mac version 20.2.2 (55879). This vulnerability can be exploited by an attacker to write to arbitrary files, potentially leading to privilege escalation.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-31359 - Parallels Desktop Directory Traversal Vulnerability",
"Content": "CVE ID : CVE-2025-31359
Published : June 3, 2025, 10:15 a.m. | 21 minutes ago
Description : A directory traversal vulnerability exists in the PVMP package unpacking functionality of Parallels Desktop for Mac version 20.2.2 (55879). This vulnerability can be exploited by an attacker to write to arbitrary files, potentially leading to privilege escalation.
Severity: 8.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2024-54189 - Parallels Desktop for Mac Root Privilege Escalation",
"Content": "CVE ID : CVE-2024-54189
Published : June 3, 2025, 10:15 a.m. | 21 minutes ago
Description : A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is taken, a root service writes to a file owned by a normal user. By using a hard link, an attacker can write to an arbitrary file, potentially leading to privilege escalation.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2024-54189 - Parallels Desktop for Mac Root Privilege Escalation",
"Content": "CVE ID : CVE-2024-54189
Published : June 3, 2025, 10:15 a.m. | 21 minutes ago
Description : A privilege escalation vulnerability exists in the Snapshot functionality of Parallels Desktop for Mac version 20.1.1 (build 55740). When a snapshot of a virtual machine is taken, a root service writes to a file owned by a normal user. By using a hard link, an attacker can write to an arbitrary file, potentially leading to privilege escalation.
Severity: 7.8 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
{
"Source": "CVE FEED",
"Title": "CVE-2025-4392 - WordPress Shared Files Frontend Stored Cross-Site Scripting",
"Content": "CVE ID : CVE-2025-4392
Published : June 3, 2025, 10:15 a.m. | 21 minutes ago
Description : The Shared Files โ Frontend File Upload Form & Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via html File uploads in all versions up to, and including, 1.7.48 due to insufficient input sanitization and output escaping within the sanitize_file() function. This makes it possible for unauthenticated attackers to bypass the pluginโs MIME-only checks and inject arbitrary web scripts in pages that will execute whenever a user accesses the html file.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น
"Source": "CVE FEED",
"Title": "CVE-2025-4392 - WordPress Shared Files Frontend Stored Cross-Site Scripting",
"Content": "CVE ID : CVE-2025-4392
Published : June 3, 2025, 10:15 a.m. | 21 minutes ago
Description : The Shared Files โ Frontend File Upload Form & Secure File Sharing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via html File uploads in all versions up to, and including, 1.7.48 due to insufficient input sanitization and output escaping within the sanitize_file() function. This makes it possible for unauthenticated attackers to bypass the pluginโs MIME-only checks and inject arbitrary web scripts in pages that will execute whenever a user accesses the html file.
Severity: 7.2 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...",
"Detection Date": "03 Jun 2025",
"Type": "Vulnerability"
}
๐น t.me/cvedetector ๐น