CyberSecurityBoard
Sponsor Register Login

CVE-2025-11882

The Simple Donate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's simpledonate shortcode in versions less than, or equal to, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Publication date: Tue, 11 Nov 2025 03:30:00 +0000


Cyber News related to CVE-2025-11882

Hackers use six-year old Microsoft Office bug to spread Agent Tesla - Threat actors have been observed leveraging a six-year old bug - CVE-2017-11882 - to spread Agent Tesla to vulnerable versions of Microsoft Office. In a December 19 blog post, Zscaler researchers said CVE-2017-11882 is a remote code execution flaw ...
1 year ago Packetstormsecurity.com CVE-2017-11882 Equation
Attackers Exploit 6-Year-Old Microsoft Office Bug to Spread Spyware - Attackers are exploiting a 6-year-old Microsoft Office remote code execution flaw to deliver spyware, in an email campaign weaponized by malicious Excel attachments and characterized by sophisticated evasion tactics. Threat actors dangle lures ...
1 year ago Darkreading.com CVE-2017-11882 CVE-20170-11882 Equation
Hackers Exploiting Old Microsoft Office RCE Flaw - It has been reported that malicious individuals are utilizing a malware called Agent Tesla to target Microsoft Office users using versions affected by CVE-2017-11882 XLAM. This malware is taking advantage of a remote code execution vulnerability in ...
1 year ago Gbhackers.com CVE-2017-11882 Equation
Hackers Exploit MS Equation Editor Vulnerability to Deploy XLoader Malware - “These emails trick recipients into opening a DOCX attachment that secretly contains a malicious RTF file exploiting a known vulnerability (CVE-2017-11882) in Microsoft’s Equation Editor,” explained ASEC researchers. The attack ...
7 months ago Cybersecuritynews.com Equation CVE-2017-11882
CVE-2025-11882 - The Simple Donate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's simpledonate shortcode in versions less than, or equal to, 1.0 due to insufficient input sanitization and output escaping on user supplied ...
3 weeks ago
Hackers Exploited 17-year-old vulnerability to Weaponize Word Documents - Security researchers at Fortinet’s FortiGuard Labs have uncovered a sophisticated phishing campaign that uses weaponized Microsoft Word documents to deliver information-stealing malware to unsuspecting Windows users. “This vulnerability ...
7 months ago Cybersecuritynews.com Equation CVE-2017-11882
CVE-2017-11884 - Microsoft Excel 2016 Click-to-Run (C2R) allows an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique ...
7 years ago
CVE-2017-11882 - Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle ...
7 months ago CVE-2017-11882
Chinese hackers target Russian govt with upgraded RAT malware - Security researchers at Kaspersky's Global Research and Analysis Team (GReAT) spotted the updated implant while investigating recent attacks where the attackers deployed the RAT malware using a malicious MMC script camouflaged as a Word ...
7 months ago Bleepingcomputer.com CVE-2021-40449
Kimusky Hackers Exploiting RDP & MS Office Vulnerabilities in Targeted Attacks - A sophisticated Advanced Persistent Threat (APT) operation named Larva-24005, linked to the notorious Kimsuky threat group, has been discovered actively exploiting critical vulnerabilities in Remote Desktop Protocol (RDP) and Microsoft Office ...
7 months ago Cybersecuritynews.com Equation Kimsuky CVE-2019-0708
5 Email Attacks SOCs Cannot Detect Without A Sandbox  - The moment the file was opened, it reached out to a phishing page hosted on SharePoint; a trusted Microsoft domain often used to bypass filters. But with an interactive sandbox like ANY.RUN, SOC teams get exactly what’s been missing: complete ...
4 months ago Cybersecuritynews.com CVE-2024-43451
CVE-2018-11882 - Incorrect bound check can lead to potential buffer overwrite in WLAN controller in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660. ...
6 years ago
CVE-2020-11882 - The O2 Business application 1.2.0 for Android exposes the canvasm.myo2.SplashActivity activity to other applications. The purpose of this activity is to handle deeplinks that can be delivered either via links or by directly calling the activity. ...
5 years ago
CVE-2024-11882 - The FAQ And Answers – Create Frequently Asked Questions Area on WP Sites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'faq' shortcode in all versions up to, and including, 1.1.0 due to insufficient input ...
11 months ago Tenable.com
CVE-20170-11882 - ...
55 years ago
Cyber-espionage group Cloud Atlas targets Russian companies with war-related phishing attacks - The hacker group known as Cloud Atlas targeted a Russian agro-industrial enterprise and a state-owned research company in a new espionage campaign, researchers have found. Cloud Atlas is a state-backed threat actor, active since at least 2014, that ...
1 year ago Therecord.media CVE-2017-11882
5 Common Phishing Vectors and Examples - Phishing attacks can be executed through various means, such as SMS and phone calls, but the most prevalent method involves sending victims emails containing malicious attachments. Let's take a closer look at these types and examine examples of ...
1 year ago Cybersecuritynews.com CVE-2017-11882 Equation
SideWinder APT Group Attacking Military & Government Entities With New Tools - Recent findings reveal that SideWinder has developed a massive new infrastructure to distribute malware and control compromised systems, with a notable increase in attacks against maritime infrastructures, logistics companies, and entities related to ...
8 months ago Cybersecuritynews.com Sidewinder CVE-2017-11882
CISA Releases Thirteen Industrial Control Systems Focusing Vulnerabilities & Exploits - An improper output neutralization for logs vulnerability CVE-2024-5594 in Siemens SINEMA Remote Connect Server.  It allows a malicious OpenVPN peer to send garbage to the OpenVPN log or cause high CPU load. The advisory includes missing ...
8 months ago Cybersecuritynews.com CVE-2024-5594
Microsoft Fix Targets Attacks on SharePoint Zero-Day – Krebs on Security - In an advisory about the SharePoint security hole, a.k.a. CVE-2025-53770, Microsoft said it is aware of active attacks targeting on-premises SharePoint Server customers and exploiting vulnerabilities that were only partially addressed by the July 8, ...
4 months ago Krebsonsecurity.com CVE-2025-53770
CISA Releases 20 ICS Advisories Detailing Vulnerabilities & Exploits - Vulnerabilities in the SIPROTEC 5 series include Cleartext storage of sensitive information (CVE-2024-53651), which has a CVSS v3 base score of 4.6. Mitigation involves firmware updates and restricting network access. This SCADA management software ...
9 months ago Cybersecuritynews.com CVE-2024-53651 CVE-2025-25067 CVE-2025-24865 CVE-2025-22896 CVE-2025-23411 CVE-2023-37482 CVE-2024-54015 CVE-2022-38465 CVE-2025-24811 CVE-2025-20615 CVE-2025-24836 CVE-2025-23421 CVE-2024-53977 CVE-2025-23363 CVE-2025-1283 CVE-2025-23403 CVE-2025-26473 CVE-2025-25281 CVE-2025-24861
Apple backports zero-day patches to older iPhones and Macs - Apple has released security updates that backport fixes for actively exploited vulnerabilities that were exploited as zero-days to older versions of its operating systems. Specifically, the latest update for iOS 18.4 and iPadOS 18.4 fixes 77 ...
8 months ago Bleepingcomputer.com CVE-2025-30456
Weekly Cybersecurity Newsletter: Chrome 0-Day, VMware Flaws Patched, Fortiweb Hack, Teams Abuse, and More - Google has issued an emergency security update for its Chrome browser to address a critical zero-day vulnerability, CVE-2025-6558, that is being actively exploited in the wild. The Node.js project released security updates on July 15, 2025, to fix ...
4 months ago Cybersecuritynews.com CVE-2025-6558
CVE-2025-37859 - In the Linux kernel, the following vulnerability has been resolved: ...
6 months ago
Hardening Windows Servers - Top Strategies to Prevent Exploits in 2025 - By leveraging the default security enhancements in Windows Server 2025 alongside strategic implementations of Application Control, Attack Surface Reduction, and proper credential management, organizations can significantly reduce their risk exposure ...
6 months ago Cybersecuritynews.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)