VulnerAlert



WORDPRESS
07-06-2025 06:20

CVE-2025-5303 Vulnerabilidad documentada

7.2 HIGH
Tags
#wordpress
#site
#plugin
#cross
#web
#edition
#cross-site
#cross-site scripting
#attackers
#authenticated
#arbitrary
#vulnerable
#scripting
#inject
#execute
#attack
#access
Descripción
The LTL Freight Quotes – Freightview Edition, Daylight Edition and Day & Ross plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the expiry_date parameter in all versions up to, including, 1.0.11, 2.2.6 2.1.10 respectively, due insufficient input sanitization output escaping. This makes it possible unauthenticated attackers inject arbitrary web scripts pages that will execute whenever a user accesses an injected page.
https://plugins.trac.wordpress.org/browser/ltl-freight-quotes-day-ross-edition/trunk/en-hit-to-update-plan.php#L29
https://plugins.trac.wordpress.org/browser/ltl-freight-quotes-daylight-edition/tags/2.2.6/en-hit-to-update-plan.php#L29
https://plugins.trac.wordpress.org/browser/ltl-freight-quotes-freightview-edition/tags/1.0.11/common/en-plans.php#L110
https://plugins.trac.wordpress.org/browser/ltl-freight-quotes-freightview-edition/tags/1.0.11/en-hit-to-update-plan.php#L29
https://www.wordfence.com/threat-intel/vulnerabilities/id/05fc4b17-7922-45a4-aac8-a47b3f50ce69?source=cve
Referencia
Link externo
Ver detalles

Fuente
https://nvd.nist.gov/vuln/detail/CVE-2025-5303
Resultados similares
Coincidentes en almenos en 50% de los tags
07-06-2025 CVE-2025-5568
The WpEvently plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple pa...
Ver información
07-06-2025 CVE-2025-5528
The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Reflecte...
Ver información
Icons made by Freepik from www.flaticon.com
Este Proyecto fue cofinanciado por el Consejo Nacional de Ciencia y Tecnología (CONACYT) a través del PROINNOVA 2021/2023
Proyecto realizado por