Warning: Undefined variable $author_out in /home/afaghhos/domains/afaghhosting.net/public_html/blog/wp-content/plugins/removehide-author-date-category-like-entry-meta/remove-author-date-and-category-metadata.php on line 147

Warning: Undefined variable $date_out in /home/afaghhos/domains/afaghhosting.net/public_html/blog/wp-content/plugins/removehide-author-date-category-like-entry-meta/remove-author-date-and-category-metadata.php on line 160

Warning: Undefined variable $category_out in /home/afaghhos/domains/afaghhosting.net/public_html/blog/wp-content/plugins/removehide-author-date-category-like-entry-meta/remove-author-date-and-category-metadata.php on line 173

Warning: Undefined variable $comment_out in /home/afaghhos/domains/afaghhosting.net/public_html/blog/wp-content/plugins/removehide-author-date-category-like-entry-meta/remove-author-date-and-category-metadata.php on line 186

Warning: Undefined variable $edit_out in /home/afaghhos/domains/afaghhosting.net/public_html/blog/wp-content/plugins/removehide-author-date-category-like-entry-meta/remove-author-date-and-category-metadata.php on line 198

مدیریت منیج سرور ثبت دامنه

CVE-2025-8688 – WordPress Inline Stock Quotes Stored Cross-Site Scripting Vulnerability

توسط

mo0dir
در

CVE ID : CVE-2025-8688

Published : Aug. 12, 2025, 3:15 a.m. | 29 minutes ago

Description : The Inline Stock Quotes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s stock shortcode in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…