Cross-site Scripting Vulnerability in DBAR Productions Volunteer Sign Up Sheets
CVE-2025-3704

5.9MEDIUM

Key Information:

Vendor: WordPress
Status: Volunteer Sign Up Sheets
Vendor: CVE Published:; 27 May 2025

What is CVE-2025-3704?

The DBAR Productions Volunteer Sign Up Sheets application has a Cross-site Scripting (XSS) vulnerability due to improper neutralization of user input during web page generation. This allows malicious users to inject scripts that can be executed in the context of other users' browsers, leading to potential data theft or session hijacking. The issue affects versions prior to 5.5.5, and users are urged to apply the available patch through GitHub, as the vendor has faced challenges in releasing an update via the WordPress.org repository.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Volunteer Sign Up Sheets < 5.5.5

References

https://patchstack.com/database/wordpress/plugin/pta-volu...

vdb-entry

https://github.com/dbarproductions/pta-volunteer-sign-up-...

patchproduct

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 27, 2025
Vulnerability Reserved
Apr 16, 2025

Credit

Poystick (Patchstack Alliance)

JSON

WordPress