4 matches found
CVE-2025-1523
The Ultimate Dashboard WordPress plugin before 3.8.6 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
WordPress Ultimate Dashboard plugin < 3.8.6 - Admin+ Stored XSS vulnerability
Admin+ Stored XSS vulnerability discovered by Krugov Artyom in WordPress Plugin Ultimate Dashboard versions 3.8.6...
CVE-2025-1523
creationtimestamp| type| source ---|---|--- 2025-04-17 06:48:45+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lmyj7hk4ms2h 2025-04-17 06:57:16+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/12196 2025-04-17 10:28:12+00:00| seen| https://t.me/cvedetector/23218...
CVE-2025-1523
CVE-2025-1523 concerns The Ultimate Dashboard WordPress plugin prior to 3.8.6. The vulnerability is a stored XSS in plugin settings caused by insufficient sanitization/escaping, which could allow a high-privilege user (e.g., an admin) to inject script payloads. Exploitation details (e.g., exact v...