4 matches found
CVE-2025-6488
creationtimestamp| type| source ---|---|--- 2025-06-27 04:51:44+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/19665 2025-06-27 08:19:32+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lsl7fafnei2r...
CVE-2025-6488 isMobile <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via device Parameter
The isMobile plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘device’ parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and...
CVE-2025-6488
The CVE-2025-6488 isMobile WordPress plugin is vulnerable to Stored Cross-Site Scripting via the device parameter in all versions up to and including 1.1.1 due to insufficient input sanitization and output escaping. Authentication requirement: attacker must have Contributor-level access or higher...
WordPress isMobile plugin <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via device Parameter vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via device Parameter vulnerability discovered by Gilang in WordPress Plugin isMobile Shortcode for WordPress versions = 1.1.1...