3 matches found
CVE-2025-3488
creationtimestamp| type| source ---|---|--- 2025-05-02 06:15:16+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/14446 2025-05-02 08:00:38+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lo6e7pxorw2h 2025-05-02 09:15:15+00:00| seen| https://t.me/cvedetector/24334...
CVE-2025-3488 WPML Multilingual CMS 3.6.0 - 4.7.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpml_language_switcher Shortcode
The WPML plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpmllanguageswitcher shortcode in versions 3.6.0 - 4.7.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with...
CVE-2025-3488
The CVE-2025-3488 entry concerns the WPML Multilingual CMS WordPress plugin. It describes a Stored Cross-Site Scripting (XSS) vulnerability in the wpml_language_switcher shortcode for plugin versions 3.6.0 through 4.7.3, caused by insufficient input sanitization and output escaping on user-suppli...