SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
SEC595Cyber Defense
SANS Community Benefits
Connect, learn, and share with other cybersecurity professionals
VOLUME 25ISSUE 11
The Consensus Security Vulnerability Alert
Internet Storm Center Spotlight
ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Python Bot Delivered Through DLL Side-Loading
Published: 2025-03-18
Last Updated: 2025-03-18 09:12:46 UTC
by Xavier Mertens (Version: 1)
One of my hunting rules triggered some suspicious Python code, and, diving deeper, I found an interesting example of DLL side-loading. This technique involves placing a malicious DLL with the same name and export structure as a legitimate DLL in a location the application checks first, causing the application to load the malicious DLL instead of the intended one. This is a classic vulnerability seen for years in many software. The attacker also implemented simple tricks to bypass classic security controls.
The malware is delivered through a ZIP archive: 'Hootsuite<.>zip'. The archive contains some files that have the Hidden protection flag ...
Read the full entry: https://isc.sans.edu/diary/Python+Bot+Delivered+Through+DLL+SideLoading/31778/
File Hashes Analysis with Power BI from Data Stored in DShield SIEM
Published: 2025-03-12
Last Updated: 2025-03-13 00:41:51 UTC
by Guy Bruneau (Version: 1)
I previously used Power BI to analyze DShield sensor data and this time I wanted to show how it could be used by selecting certain type of data as a large dataset and export it for analysis. This time, I ran a query in Elastic Discover and exported that data to analyze it in PowerBI into a CSV format. The first step was to run a query in Discover and select the past 60 days with the following query ...
Next was to export that data in a CSV file: Kibana_Export_CSV
Next step is to import the data into Power BI for analysis. In Power BI, Select Excel workbook and select all files and open the file you exported from Kibana followed by Load. From the interface, start building the visualization you want to analyze.
First, configure the @timestamp to split the date and time by selecting Transform data and right click on the @timestamp to Remove Duplicates to create 2 columns ...
Read the full entry: https://isc.sans.edu/diary/File+Hashes+Analysis+with+Power+BI+from+Data+Stored+in+DShield+SIEM/31764/
Scans for VMWare Hybrid Cloud Extension (HCX) API (Log4j - not brute forcing)
Published: 2025-03-12
Last Updated: 2025-03-12 14:42:07 UTC
by Johannes Ullrich (Version: 1)
Today, I noticed increased scans for the VMWare Hyprid Cloud Extension (HCX) "sessions" endpoint. These endpoints are sometimes associated with exploit attempts for various VMWare vulnerabilities to determine if the system is running the extensions or to gather additional information to aid exploitation.
Initially, based on the URL, I suspected brute forcing. However, after reviewing some complete requests (see below), it turns out that these attempts are exploiting the Log4j vulnerability ...
Internet Storm Center Entries
Exploit Attempts for Cisco Smart Licensing Utility CVE-2024-20439 and CVE-2024-20440 (2025.03.19)
Static Analysis of GUID Encoded Shellcode (2025.03.17)
https://isc.sans.edu/diary/Static+Analysis+of+GUID+Encoded+Shellcode/31774/
Mirai Bot now incorporating (malformed?) DrayTek Vigor Router Exploits (2025.03.16)
Recent CVEs
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
CVE-2025-24813 - Apache Tomcat is vulnerable to Path Equivalence leading to Remote Code Execution and/or Information disclosure via the Default Servlet, affecting versions 11.0.0-M1 through 11.0.2, 10.1.0-M1 through 10.1.34, and 9.0.0.M1 through 9.0.98.
Product: Apache Software Foundation Apache Tomcat
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24813
ISC Podcast: https://isc.sans.edu/podcastdetail/9368
CVE-2025-21590 - Juniper Networks Junos OS is vulnerable to improper isolation, allowing a local attacker to compromise device integrity by injecting arbitrary code via the shell.
Product: Juniper Junos
CVSS Score: 4.4
** KEV since 2025-03-13 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21590
ISC Podcast: https://isc.sans.edu/podcastdetail/9364
NVD References:
CVE-2025-24983 - Use after free in Windows Win32 Kernel Subsystem allows an authorized attacker to elevate privileges locally.
Product: Microsoft Windows 10 1507
CVSS Score: 7.0
** KEV since 2025-03-11 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24983
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24983
CVE-2025-24985 - Integer overflow or wraparound in Windows Fast FAT Driver allows an unauthorized attacker to execute code locally.
Product: Microsoft Windows 10 1507
CVSS Score: 7.8
** KEV since 2025-03-11 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24985
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24985
CVE-2025-24993 - Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally.
Product: Microsoft Windows 10 1507
CVSS Score: 7.8
** KEV since 2025-03-11 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24993
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24993
CVE-2025-26633 - Improper neutralization in Microsoft Management Console allows an unauthorized attacker to bypass a security feature locally.
Product: Microsoft Windows 10 1507
CVSS Score: 7.0
** KEV since 2025-03-11 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26633
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26633
CVE-2025-24201 - visionOS, iOS, iPadOS, macOS Sequoia, Safari were vulnerable to an out-of-bounds write issue that could allow malicious web content to break out of the sandbox.
Product: Apple Safari
CVSS Score: 8.8
** KEV since 2025-03-13 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24201
NVD References:
- https://support.apple.com/en-us/122281
- https://support.apple.com/en-us/122283
CVE-2025-30066 - tj-actions changed-files allows remote attackers to discover secrets by reading actions logs.
Product: tj-actions changed-filesCVSS Score: 8.6** KEV since 2025-03-18 **NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30066NVD References: - https://blog.gitguardian.com/compromised-tj-actions/- https://semgrep.dev/blog/2025/popular-github-action-tj-actionschanged-files-is-compromised/- https://sysdig.com/blog/detecting-and-mitigating-the-tj-actions-changed-files-supply-chain-attack-cve-2025-30066/- https://web.archive.org/web/20250315060250/https://github.com/tj-actions/changed-files/issues/2463- https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised- https://www.wiz.io/blog/github-action-tj-actions-changed-files-supply-chain-attack-cve-2025-30066- https://www.cisa.gov/news-events/alerts/2025/03/18/supply-chain-compromise-third-party-github-action-cve-2025-30066CVE-2025-24984 - Windows NTFS allows unauthorized attackers to disclose sensitive information through log file insertion via physical attack.Product: Microsoft Windows 10 1507CVSS Score: 4.6** KEV since 2025-03-11 **NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24984NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24984CVE-2025-24991 - Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally.Product: Microsoft Windows 10 1507CVSS Score: 5.5** KEV since 2025-03-11 **NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24991NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24991CVE-2024-56336 - SINAMICS S200 is vulnerable to injection of malicious code or installation of untrusted firmware due to an unlocked bootloader.Product: Siemens SINAMICS S200 CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-56336NVD References: https://cert-portal.siemens.com/productcert/html/ssa-787280.htmlCVE-2025-27494 - SiPass integrated AC5102 (ACC-G2) and SiPass integrated ACC-AP devices < V6.4.9 have a vulnerability that could allow a remote administrator to escalate privileges by injecting arbitrary commands.Product: Siemens SiPass integrated AC5102CVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27494NVD References: https://cert-portal.siemens.com/productcert/html/ssa-515903.htmlCVE-2025-27363 - FreeType versions 2.13.0 and below have an out of bounds write vulnerability related to font subglyph structures, potentially leading to arbitrary code execution.Product: FreeTypeCVSS Score: 8.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27363ISC Podcast: https://isc.sans.edu/podcastdetail/9362NVD References: https://www.facebook.com/security/advisories/cve-2025-27363CVE-2025-26701 - Percona PMM Server (OVA) before version 3.0.0-1.ova allows default service account credentials to potentially lead to SSH access, use of Sudo to root, and sensitive data exposure, fixed in later versions.Product: Percona PMM ServerCVSS Score: 10.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26701NVD References: https://www.percona.com/blog/security-advisory-cve-affecting-percona-monitoring-and-management-pmm/CVE-2025-22954 - GetLateOrMissingIssues in C4/Serials.pm in Koha before 24.11.02 allows SQL Injection in /serials/lateissues-export.pl via the supplierid or serialid parameter.Product: KohaCVSS Score: 10.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22954NVD References: - https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38829- https://koha-community.org/koha-24-11-02-released/CVE-2025-1960 - WebHMI is vulnerable to unauthorized command execution due to an insecure default password and incorrect display of default usernames.Product: CWE WebHMICVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1960NVD References: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-070-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-070-03.pdfCVE-2025-27407 - graphql-ruby is vulnerable to remote code execution when loading a malicious schema definition in `GraphQL::Schema.from_introspection` prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21.Product: graphql-ruby Ruby implementation of GraphQLCVSS Score: 9.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27407NVD References: - https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released- https://github.com/github-community-projects/graphql-client- https://github.com/rmosolgo/graphql-ruby/security/advisories/GHSA-q92j-grw3-h492CVE-2025-2263 - Sante PACS Server.exe is vulnerable to a stack-based buffer overflow during login due to a fixed-size buffer used by OpenSSL function EVP_DecryptUpdate.Product: Sante International Sante PACS ServerCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-2263NVD References: https://www.tenable.com/security/research/tra-2025-08CVE-2025-27593 - SDD Device Drivers are vulnerable to code execution on target systems due to missing download verification checks.Product: SDD Device DriversCVSS Score: 9.3NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27593NVD…
CVE-2025-24984 - Windows NTFS allows unauthorized attackers to disclose sensitive information through log file insertion via physical attack.
Product: Microsoft Windows 10 1507
CVSS Score: 4.6
** KEV since 2025-03-11 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24984
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24984
CVE-2025-24991 - Out-of-bounds read in Windows NTFS allows an authorized attacker to disclose information locally.
Product: Microsoft Windows 10 1507
CVSS Score: 5.5
** KEV since 2025-03-11 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24991
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24991
CVE-2024-56336 - SINAMICS S200 is vulnerable to injection of malicious code or installation of untrusted firmware due to an unlocked bootloader.
Product: Siemens SINAMICS S200
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-56336
NVD References: https://cert-portal.siemens.com/productcert/html/ssa-787280.html
CVE-2025-27494 - SiPass integrated AC5102 (ACC-G2) and SiPass integrated ACC-AP devices < V6.4.9 have a vulnerability that could allow a remote administrator to escalate privileges by injecting arbitrary commands.
Product: Siemens SiPass integrated AC5102
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27494
NVD References: https://cert-portal.siemens.com/productcert/html/ssa-515903.html
CVE-2025-27363 - FreeType versions 2.13.0 and below have an out of bounds write vulnerability related to font subglyph structures, potentially leading to arbitrary code execution.
Product: FreeType
CVSS Score: 8.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27363
ISC Podcast: https://isc.sans.edu/podcastdetail/9362
NVD References: https://www.facebook.com/security/advisories/cve-2025-27363
CVE-2025-26701 - Percona PMM Server (OVA) before version 3.0.0-1.ova allows default service account credentials to potentially lead to SSH access, use of Sudo to root, and sensitive data exposure, fixed in later versions.
Product: Percona PMM Server
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26701
NVD References: https://www.percona.com/blog/security-advisory-cve-affecting-percona-monitoring-and-management-pmm/
CVE-2025-22954 - GetLateOrMissingIssues in C4/Serials.pm in Koha before 24.11.02 allows SQL Injection in /serials/lateissues-export.pl via the supplierid or serialid parameter.
Product: Koha
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22954
NVD References:
- https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=38829
CVE-2025-1960 - WebHMI is vulnerable to unauthorized command execution due to an insecure default password and incorrect display of default usernames.
Product: CWE WebHMI
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1960
NVD References: https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2025-070-03&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2025-070-03.pdf
CVE-2025-27407 - graphql-ruby is vulnerable to remote code execution when loading a malicious schema definition in `GraphQL::Schema.from_introspection` prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21.
Product: graphql-ruby Ruby implementation of GraphQL
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27407
NVD References:
- https://about.gitlab.com/releases/2025/03/12/patch-release-gitlab-17-9-2-released
- https://github.com/github-community-projects/graphql-client
- https://github.com/rmosolgo/graphql-ruby/security/advisories/GHSA-q92j-grw3-h492
CVE-2025-2263 - Sante PACS Server.exe is vulnerable to a stack-based buffer overflow during login due to a fixed-size buffer used by OpenSSL function EVP_DecryptUpdate.
Product: Sante International Sante PACS Server
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-2263
NVD References: https://www.tenable.com/security/research/tra-2025-08
CVE-2025-27593 - SDD Device Drivers are vulnerable to code execution on target systems due to missing download verification checks.
Product: SDD Device Drivers
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27593
NVD References:
- https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF
- https://github.security.telekom.com/2025/03/multiple-vulnerabilities-in-sick-dl100.html
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
- https://www.first.org/cvss/calculator/3.1
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0004.json
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0004.pdf
CVE-2025-27595 - The device's weak hashing algorithm allows attackers to easily calculate matching passwords, compromising its security and integrity.
Product: D-Link DIR-850L Wireless Router
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27595
NVD References:
- https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF
- https://github.security.telekom.com/2025/03/multiple-vulnerabilities-in-sick-dl100.html
- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices
- https://www.first.org/cvss/calculator/3.1
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0004.json
- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0004.pdf
CVE-2025-2000 - Qiskit versions 0.18.0 through 1.4.1 are vulnerable to code execution attacks when deserialising maliciously crafted QPY files.
Product: Qiskit QPY
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-2000
NVD References: https://www.ibm.com/support/pages/node/7185949
CVE-2025-29029, CVE-2025-29030, CVE-2025-29031 - Tenda AC6 v15.03.05.16 was discovered to contain buffer overflow vulnerabilities
Product: Tenda AC6
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-29029
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-29030
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-29031
NVD References:
- https://github.com/WhereisDoujo/CVE/issues/2
CVE-2025-29384, CVE-2025-29385, CVE-2025-29386 - Tenda AC9 v1.0 V15.03.05.14_multi is vulnerable to stack overflow, allowing for remote arbitrary code execution.
Product: Tenda AC9
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-29384
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-29385
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-29386
NVD References:
- https://github.com/shuqi233/loophole/blob/main/Tenda%20AC9/AdvSetMacMtuWan1.md
- https://github.com/shuqi233/loophole/blob/main/Tenda%20AC9/AdvSetMacMtuWan3.md
- https://github.com/shuqi233/loophole/blob/main/Tenda%20AC9/AdvSetMacMtuWan4.md
CVE-2025-2345 - IROAD Dash Cam X5 and Dash Cam X6, up to 20250308, have a very critical vulnerability that allows for remote attacks due to improper authorization.
Product: IROAD Dash Cam X5
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-2345
NVD References:
- https://vuldb.com/?ctiid.299811
CVE-2025-2395 - The U-Office Force from e-Excellence is vulnerable to Unauthorized Access due to an Improper Authentication issue that enables unauthenticated remote attackers to manipulate cookies and gain administrator access.
Product: e-Excellence U-Office Force
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-2395
NVD References:
CVE-2025-25914 - Online Exam Mastering System v.1.0 is vulnerable to SQL injection, allowing remote attackers to execute arbitrary code via the fid parameter.
Product: Online Exam Mastering System Online Exam Mastering System v.1.0
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-25914
NVD References: https://github.com/872323857/CVE/blob/main/online-exam-mastering-system_sqlinject.md
CVE-2024-23943 - Cloud API allows unauthenticated remote attackers to gain access due to a critical function lacking authentication, without affecting availability.
Product: Cisco Cloud API
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-23943
NVD References: https://cert.vde.com/en/advisories/VDE-2024-010
CVE-2023-47539 - FortiMail version 7.4.0 with RADIUS authentication and remote_wildcard enabled allows a remote unauthenticated attacker to bypass admin login.
Product: Fortinet FortiMail
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-47539
NVD References: https://fortiguard.com/psirt/FG-IR-23-439
CVE-2024-8997 - Vestel EVC04 Configuration Interface is vulnerable to SQL Injection through 18.03.2025.
Product: Vestel EVC04 Configuration Interface
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8997
NVD References: https://www.usom.gov.tr/bildirim/tr-25-0070
CVE-2024-56346 - IBM AIX 7.2 and 7.3 nimesis NIM master service allows remote attackers to execute arbitrary commands.
Product: IBM AIX
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-56346
NVD References: https://www.ibm.com/support/pages/node/7186621
CVE-2024-56347 - IBM AIX 7.2 and 7.3 nimsh service is vulnerable to remote code execution due to weak SSL/TLS protection.
Product: IBM AIX
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-56347
NVD References: https://www.ibm.com/support/pages/node/7186621
CVE-2024-10441 - Synology BeeStation Manager (BSM), Synology DiskStation Manager (DSM), and Synology Unified Controller (DSMUC) are vulnerable to improper encoding or escaping of output, allowing remote attackers to execute arbitrary code.
Product: Synology BeeStation Manager (BSM)
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10441
NVD References:
- https://www.synology.com/en-global/security/advisory/Synology_SA_24_20
- https://www.synology.com/en-global/security/advisory/Synology_SA_24_23
CVE-2024-10442 - Synology Replication Service and Synology Unified Controller (DSMUC) before specified versions allow remote attackers to execute arbitrary code due to an off-by-one error vulnerability.
Product: Synology Replication Service
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10442
NVD References: https://www.synology.com/en-global/security/advisory/Synology_SA_24_22
CVE-2024-11131 - Synology Camera Firmware versions before 1.2.0-0525 may allow remote attackers to execute arbitrary code via unspecified vectors, affecting models BC500, CC400W, and TC500.
Product: Synology Camera Firmware
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11131
NVD References: https://www.synology.com/en-global/security/advisory/Synology_SA_24_24
CVE-2025-28915 - ThemeEgg ToolKit allows for unrestricted upload of dangerous file types, potentially enabling attackers to upload a web shell onto a web server.
Product: ThemeEgg ToolKit
Active Installations: This plugin has been closed as of February 26, 2025 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-28915
CVE-2024-13446 - The Workreap plugin for WordPress is vulnerable to privilege escalation through account takeover due to inadequate user identity validation, allowing unauthenticated attackers to login as any user or change passwords, including administrators, up to version 3.2.5.
Product: Workreap WordPress
Active Installations: Unknown. Update to version 3.2.6, or a newer patched version
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13446
NVD References:
- https://themeforest.net/item/workreap-freelance-marketplace-wordpress-theme/23712454
CVE-2024-11284 - The WP JobHunt plugin for WordPress allows unauthenticated attackers to escalate privileges and take over accounts by changing passwords without proper validation, up to version 6.9.
Product: WordPress WP JobHunt plugin
Active Installations: Unknown. No known patch available.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11284
NVD References:
- https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636
CVE-2024-11285 - The WP JobHunt plugin for WordPress up to version 7.1 is susceptible to privilege escalation through account takeover, allowing unauthenticated attackers to change users' email addresses and acquire access to their accounts.
Product: WordPress WP JobHunt plugin
Active Installations: Unknown. No known patch available.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11285
NVD References:
- https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636
CVE-2024-11286 - The WP JobHunt plugin for WordPress is vulnerable to authentication bypass, allowing unauthenticated attackers to login as any user, including administrators.
Product: WordPress WP JobHunt plugin
Active Installations: Unknown. No known patch available.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11286
NVD References:
- https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636
CVE-2024-13824 - The CiyaShop - Multipurpose WooCommerce Theme theme for WordPress is vulnerable to PHP Object Injection in all versions up to 4.19.0, allowing unauthenticated attackers to inject a PHP Object via deserialization of untrusted input in specific functions.
Product: CiyaShop - Multipurpose WooCommerce Theme
Active Installations: Update to version 4.19.1, or a newer patched version
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13824
NVD References:
- https://themeforest.net/item/ciyashop-responsive-multipurpose-woocommerce-wordpress-theme/22055376#item-description__changelog
CVE-2024-13771 - The Civi - Job Board & Freelance Marketplace WordPress Theme plugin is vulnerable to an authentication bypass allowing attackers to change passwords of users without validation.
Product: CiviThemes Job Board & Freelance Marketplace WordPress Theme
Active Installations: Unknown. No known patch available.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13771
NVD References:
- http://localhost:1337/wp-content/themes/civi/includes/class-ajax.php#L715
CVE-2025-2232 - The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, has an authentication bypass vulnerability allowing unauthenticated attackers to register an account as an Administrator.
Product: Purethemes Realteo - Real Estate Plugin
Active Installations: Update to version 1.2.9, or a newer patched version
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-2232
NVD References:
- https://docs.purethemes.net/findeo/knowledge-base/changelog-findeo/
CVE-2025-1771 - The Traveler theme for WordPress is vulnerable to Local File Inclusion, allowing unauthenticated attackers to execute arbitrary files and potentially obtain sensitive data.
Product: WordPress Traveler theme
Active Installations: Update to version 3.1.9, or a newer patched version
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1771
NVD References:
- https://travelerwp.com/traveler-changelog/
CVE-2025-26875 - Multiple Shipping And Billing Address For Woocommerce versions up to 1.3 are vulnerable to SQL Injection due to improper neutralization of special elements in SQL commands, as identified in silverplugins217.
Product: SilverPlugins Multiple Shipping And Billing Address For Woocommerce
Active Installations: Update to version 1.5 or later to remove the vulnerability.
CVSS Score: 9.3
CVE-2024-11284 - The WP JobHunt plugin for WordPress allows unauthenticated attackers to escalate privileges and take over accounts by changing passwords without proper validation, up to version 6.9.
Product: WordPress WP JobHunt plugin
Active Installations: Unknown. No known patch available.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11284
NVD References:
- https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636
CVE-2024-11285 - The WP JobHunt plugin for WordPress up to version 7.1 is susceptible to privilege escalation through account takeover, allowing unauthenticated attackers to change users' email addresses and acquire access to their accounts.
Product: WordPress WP JobHunt plugin
Active Installations: Unknown. No known patch available.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11285
NVD References:
- https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636
CVE-2024-11286 - The WP JobHunt plugin for WordPress is vulnerable to authentication bypass, allowing unauthenticated attackers to login as any user, including administrators.
Product: WordPress WP JobHunt plugin
Active Installations: Unknown. No known patch available.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-11286
NVD References:
- https://themeforest.net/item/jobcareer-job-board-responsive-wordpress-theme/14221636
CVE-2024-13824 - The CiyaShop - Multipurpose WooCommerce Theme theme for WordPress is vulnerable to PHP Object Injection in all versions up to 4.19.0, allowing unauthenticated attackers to inject a PHP Object via deserialization of untrusted input in specific functions.
Product: CiyaShop - Multipurpose WooCommerce Theme
Active Installations: Update to version 4.19.1, or a newer patched version
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13824
NVD References:
- https://themeforest.net/item/ciyashop-responsive-multipurpose-woocommerce-wordpress-theme/22055376#item-description__changelog
CVE-2024-13771 - The Civi - Job Board & Freelance Marketplace WordPress Theme plugin is vulnerable to an authentication bypass allowing attackers to change passwords of users without validation.
Product: CiviThemes Job Board & Freelance Marketplace WordPress Theme
Active Installations: Unknown. No known patch available.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13771
NVD References:
- http://localhost:1337/wp-content/themes/civi/includes/class-ajax.php#L715
CVE-2025-2232 - The Realteo - Real Estate Plugin by Purethemes plugin for WordPress, used by the Findeo Theme, has an authentication bypass vulnerability allowing unauthenticated attackers to register an account as an Administrator.
Product: Purethemes Realteo - Real Estate Plugin
Active Installations: Update to version 1.2.9, or a newer patched version
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-2232
NVD References:
- https://docs.purethemes.net/findeo/knowledge-base/changelog-findeo/
CVE-2025-1771 - The Traveler theme for WordPress is vulnerable to Local File Inclusion, allowing unauthenticated attackers to execute arbitrary files and potentially obtain sensitive data.
Product: WordPress Traveler theme
Active Installations: Update to version 3.1.9, or a newer patched version
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1771
NVD References:
CVE-2025-26875 - Multiple Shipping And Billing Address For Woocommerce versions up to 1.3 are vulnerable to SQL Injection due to improper neutralization of special elements in SQL commands, as identified in silverplugins217.
Product: SilverPlugins Multiple Shipping And Billing Address For Woocommerce
Active Installations: Update to version 1.5 or later to remove the vulnerability.
CVSS Score: 9.3
Sponsors
Wiz
Top 7 GenAI Security Practices The task for security teams to secure AI pipelines is no small feat. Discover the 7 essential concepts, techniques, and mitigation strategies for securing your AI pipelines with the GenAI Security Best Practices Cheat Sheet from Wiz. Download your copy here:
Microsoft
Webcast: Securing the Future with Microsoft Defender for Cloud: Best Practices and Insights | March 26, 1:00 ET | Join Dave Shackleford, and Microsoft's Dick Lake, as they explore practical approaches to securing cloud environments. Gain a deeper understanding of key areas such as cloud security posture management, DevOps security, and detection and response strategies all tailored to help you future-proof your organization in an ever-changing threat landscape. Save your seat today.
SANS
Survey: 2025 SANS SOC Survey: Facing Top Challenges in Security Operations | The SANS 2025 SOC Survey uncovers the biggest challenges, trends, and innovations shaping modern SOCs. Your insights help drive industry benchmarks and best practices. Take the survey & shape the future of SOCs. Complete the survey by March 24 for a chance to win a $100 or a $250 Amazon gift card.
SANS
Survey: 2025 SANS SOC Survey: Facing Top Challenges in Security Operations | The SANS 2025 SOC Survey uncovers the biggest challenges, trends, and innovations shaping modern SOCs. Your insights help drive industry benchmarks and best practices. Take the survey & shape the future of SOCs. Complete the survey by March 24 for a chance to win a $100 or a $250 Amazon gift card.