CVE-2025-5678

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘redirectURL’ parameter in all versions up to, and including, 3.5.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Publication date: Wed, 09 Jul 2025 01:44:00 +0000


Cyber News related to CVE-2025-5678

CVE-2017-5678 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-13069. Reason: This candidate is a reservation duplicate of CVE-2017-13069. Notes: All CVE users should reference CVE-2017-13069 instead of this candidate. All references and ...
Tenable.com
CVE-2018-5676 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a ...
7 years ago
CVE-2018-5678 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a ...
7 years ago
CVE-2018-5674 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a ...
7 years ago
CVE-2006-5678 - ** DISPUTED ** PHP remote file inclusion vulnerability in common/visiteurs/include/library.inc.php in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpMyConferences (phpMyConference) 8.0.2 and possibly other products, allows remote attackers to ...
7 years ago
CVE-2023-5678 - Issue summary: Generating excessively long X9.42 DH keys or checking ...
1 year ago
Chinese UNC6384 Hackers Exploit Zero-Day Vulnerabilities to Target Global Organizations - Chinese UNC6384 hackers have been actively exploiting zero-day vulnerabilities to infiltrate global organizations, focusing on sectors such as government, technology, and telecommunications. This advanced persistent threat (APT) group leverages ...
3 months ago Cybersecuritynews.com CVE-2024-1234 CVE-2024-5678 UNC6384
OpenSSL Vulnerabilities: Risks, Exploits, and Mitigation Strategies - OpenSSL, a widely used cryptographic library, has faced numerous vulnerabilities over the years that pose significant risks to global cybersecurity. This article explores the most critical OpenSSL vulnerabilities, their impact on organizations, and ...
1 month ago Cybersecuritynews.com CVE-2024-1234 CVE-2023-5678 Advanced Persistent Threat Groups
CVE-2012-2559 - WellinTech KingHistorian 3.0 allows remote attackers to execute arbitrary code or cause a denial of service (invalid pointer write) via a crafted packet to TCP port 5678. ...
13 years ago
CVE-2014-5678 - The IQ Test (aka com.pophub.androidiqtest.free) application 3.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. ...
11 years ago
CVE-2005-2583 - Mentor ADSL-FR4II router running firmware 2.00.0111 has an undocumented web server running on TCP port 5678, which allows local users to gain access. ...
9 years ago
CVE-2002-2159 - Linksys EtherFast Cable/DSL BEFSR11, BEFSR41 and BEFSRU31 with the firmware 1.42.7 upgrade installed opens TCP port 5678 for remote administration even when the "Block WAN" and "Remote Admin" options are disabled, which allows remote ...
8 years ago
CVE-2016-5678 - NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0.0 have hardcoded root credentials, which allows remote attackers to obtain administrative access via unspecified vectors. ...
8 years ago
CVE-2008-5678 - Fretwell-Downing Informatics (FDI) OLIB7 WebView 2.5.1.1 allows remote authenticated users to obtain sensitive information from files via the infile parameter to the default URI under cgi/, as demonstrated by the (1) get_settings.ini, (2) setup.ini, ...
8 years ago
CVE-2007-5636 - Buffer overflow in the Nortel UNIStim IP Softphone 2050 allows remote attackers to cause a denial of service (application abort) and possibly execute arbitrary code via a flood of invalid characters to the RTCP port (5678/udp) that triggers a Windows ...
7 years ago
CVE-2007-5678 - SQL injection vulnerability in the Music module in phpBasic allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to the default URI. ...
7 years ago
CVE-2012-5678 - Adobe Flash Player before 10.3.183.48 and 11.x before 11.5.502.135 on Windows, before 10.3.183.48 and 11.x before 11.5.502.136 on Mac OS X, before 10.3.183.48 and 11.x before 11.2.202.258 on Linux, before 11.1.111.29 on Android 2.x and 3.x, and ...
6 years ago
CVE-2019-5678 - NVIDIA GeForce Experience versions prior to 3.19 contains a vulnerability in the Web Helper component, in which an attacker with local system access can craft input that may not be properly validated. Such an attack may lead to code execution, denial ...
6 years ago
CVE-2020-5678 - Stored cross-site scripting vulnerability in GROWI v3.8.1 and earlier allows remote attackers to inject arbitrary script via unspecified vectors. ...
4 years ago
CVE-2024-5678 - Zohocorp ManageEngine Applications Manager versions 170900 and below are vulnerable to the authenticated admin-only SQL Injection in the Create Monitor feature. ...
1 year ago
CVE-2018-13799 - A vulnerability has been identified in SIMATIC WinCC OA V3.14 and prior (All versions < V3.14-P021). Improper access control to a data point of the affected product could allow an unauthenticated remote user to escalate its privileges in the ...
6 years ago
CVE-2024-38538 - In the Linux kernel, the following vulnerability has been resolved: net: bridge: xmit: make sure we have at least eth header len bytes syzbot triggered an uninit value[1] error in bridge device's xmit path by sending a short (less than ETH_HLEN ...
1 year ago Tenable.com
Ubuntu's Kernel Vulnerability Exposes Millions to Potential Attacks - Ubuntu, a widely used Linux distribution, has recently disclosed a critical kernel vulnerability that could expose millions of users to potential cyberattacks. This vulnerability, identified as CVE-2024-5678, allows attackers to escalate privileges ...
1 month ago Cybersecuritynews.com CVE-2024-5678