CVE-2025-26529 - How Insufficient Log Sanitization Can Lead to Stored XSS Vulnerabilities
In early 2025, a new vulnerability named CVE-2025-26529 was discovered affecting various web-based applications with site administration panels. This vulnerability revealed that information displayed in
CVE-2024-4028 - Keycloak Admin Console Vulnerability Enables Privileged XSS Attacks
_Keycloak_ is a widely-used open-source identity and access management solution, trusted by developers for securing applications. In June 2024, a new critical vulnerability—CVE-2024-4028—was
CVE-2025-0864 - Reflected XSS Vulnerability in Active Products Tables for WooCommerce Plugin (All Versions ≤ 1..6.6) Explained
If you’re running a WordPress online store with WooCommerce, you might be using Active Products Tables for WooCommerce to display product listings. However, a
CVE-2024-13565 - Exploiting Stored XSS in Simple Map No Api WordPress Plugin (<= v1.9)
TL;DR:
The Simple Map No Api plugin for WordPress, up to and including version 1.9, has a dangerous vulnerability. If you’re letting
CVE-2025-23840 - Reflected XSS in WP-NOTCAPTCHA Plugin Explained With Code & Exploit Details
WordPress is the most popular website platform around, which means its plugins are a juicy target for hackers. A recently disclosed vulnerability—CVE-2025-23840—affects the
Episode
00:00:00
00:00:00