ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Apple Patches Everything: March 31st 2025 Edition
Published: 2025-03-31
Last Updated: 2025-03-31 23:46:37 UTC
by Johannes Ullrich (Version: 1)
Today, Apple released updates across all its products: iOS, iPadOS, macOS, tvOS, visionOS, Safari, and Xcode. watchOS was interestingly missing from the patch lineup. This is a feature update for the operating systems, but we get patches for 145 different vulnerabilities in addition to new features. This update includes a patch for CVE-2025-24200 and CVE-2025-24201, two already exploited iOS vulnerabilities, for older iOS/iPadOS versions. Current versions received this patch a few weeks ago ...
Read the full entry: https://isc.sans.edu/diary/Apple+Patches+Everything+March+31st+2025+Edition/31816/
Apache Camel Exploit Attempt by Vulnerability Scan (CVE-2025-27636, CVE-2025-29891)
Published: 2025-03-31
Last Updated: 2025-03-31 12:20:30 UTC
by Johannes Ullrich (Version: 1)
About three weeks ago, Apache patched two vulnerabilities in Apache Camel. The two vulnerabilities (CVE-2025-27636 and CVE-2025-29891) may lead to remote code execution, but not in the default configuration. The vulnerability is caused by Apache Camel using case-sensitive filters to restrict which headers may be used. However, HTTP header names are not case-sensitive, and an attacker may trivially bypass the filter.
At this point, the attempts we see originate from authorized vulnerability scanners. I do not call this "exploited" yet; the exploit is trivial and actual exploitation is likely, but the number of vulnerable systems is likely small. The vulnerability is still interesting because (a) it uses HTTP headers, and I am currently focusing on HTTP headers, and (b) it is trivial to exploit.
Here is a sample request ...
Why do I believe that these are authorized vulnerability scans?
1. The target IP of the "ping" is an internal IP address
2. The User-Agent is the name of a well-respected security company (redacted to protect the innocent)
3. The victim IP is also an internal IP address.
4. The hexadecimal ping payload decodes to "_OpenVASVT91380_". OpenVAS is an open-source vulnerability scanner, unsuitable for the typical internet-wide scans done by the attackers we usually observe.
Could this still be an actual attack? Sure. Everything is possible. But it is very unlikely that an attacker would spoof this user agent, and this attacker would already be "inside" the network.
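The two points of the Camel entry, as an added example that is not code from the ISC diary or from Apache Camel: first, the filter defect itself, a deny-list of header names compared byte-for-byte beside a corrected version that folds case (HTTP header field names are case-insensitive per RFC 9110); second, the triage the diary walks through, decoding the hex "ping" payload and checking whether the addresses involved sit in RFC 1918 space and whether the decoded payload carries the scanner marker the diary found. The header names, the stand-in User-Agent for the redacted vendor, the addresses and the log events are all constructed for this example.

```python
"""Added example; not code from the ISC diary or from Apache Camel.

1. A deny-list of header names compared byte-for-byte (the flawed pattern)
   next to a corrected version that folds case, because HTTP header field
   names are case-insensitive.
2. Triage of suspected scanner traffic: decode the hex ping payload, check
   for RFC 1918 source and target addresses, and look for the scanner marker
   the diary decoded ("_OpenVASVT...").
Header names, user agents, addresses and events below are constructed.
"""
import ipaddress

# Constructed deny-list: header names the application refuses from callers.
DENIED_HEADERS = {"X-Internal-Command", "X-Internal-Target"}


def filter_headers_case_sensitive(headers: dict, denied=DENIED_HEADERS) -> dict:
    """Flawed pattern: exact string comparison. A request spelling the header
    'x-internal-command' is not matched, so the header reaches the application."""
    return {k: v for k, v in headers.items() if k not in denied}


def filter_headers(headers: dict, denied=DENIED_HEADERS) -> dict:
    """Corrected: compare case-folded names (RFC 9110: field names are
    case-insensitive), so every spelling of a denied header is dropped."""
    denied_lc = {d.lower() for d in denied}
    return {k: v for k, v in headers.items() if k.lower() not in denied_lc}


# --- triage of suspected scanner traffic ---------------------------------
# Explicit RFC 1918 ranges; Python's ip_address.is_private is wider than this
# (it also covers documentation ranges such as 203.0.113.0/24).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Marker from the diary's decoded payload, matched here as a substring (assumption).
SCANNER_MARKERS = ("_OpenVASVT",)
# Constructed stand-in for the redacted security vendor's User-Agent.
KNOWN_SCANNER_UAS = ("ExampleScanCo-Scanner/1.0",)


def is_rfc1918(ip: str) -> bool:
    """True only for addresses inside the RFC 1918 private ranges."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in RFC1918)


def decode_hex_payload(hex_payload: str) -> str:
    """Hex-encoded ping payload -> text ('' if the input is not valid hex)."""
    try:
        return bytes.fromhex(hex_payload).decode("ascii", errors="replace")
    except ValueError:
        return ""


def triage(event: dict) -> dict:
    """Apply the diary's four indicators to one observed request.
    Event schema (constructed): src_ip, ping_target, user_agent, payload_hex."""
    payload = decode_hex_payload(event.get("payload_hex", ""))
    ind = {
        "ping_target_internal": is_rfc1918(event.get("ping_target", "")),
        "source_internal": is_rfc1918(event.get("src_ip", "")),
        "known_scanner_ua": event.get("user_agent", "") in KNOWN_SCANNER_UAS,
        "scanner_marker": any(m in payload for m in SCANNER_MARKERS),
    }
    # Internal source and target plus a scanner fingerprint match the diary's
    # reasoning for an authorized scan; anything else goes to an analyst.
    if (ind["source_internal"] and ind["ping_target_internal"]
            and (ind["known_scanner_ua"] or ind["scanner_marker"])):
        verdict = "likely authorized internal scan"
    else:
        verdict = "investigate"
    return {"decoded_payload": payload, "indicators": ind, "verdict": verdict}


# Constructed events: one matching the diary's observation, one that does not.
SAMPLE_EVENTS = [
    {"src_ip": "10.20.30.40", "ping_target": "10.20.30.41",
     "user_agent": "ExampleScanCo-Scanner/1.0",
     "payload_hex": "5f4f70656e564153565439313338305f"},  # "_OpenVASVT91380_"
    {"src_ip": "203.0.113.7", "ping_target": "10.20.30.41",
     "user_agent": "curl/8.0", "payload_hex": "deadbeef"},
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(triage(ev)["verdict"])
```

The first event reproduces the diary's picture (internal source, internal ping target, vendor User-Agent, OpenVAS marker) and is classed as a likely authorized scan; the second, from a non-RFC 1918 source with no fingerprint, is left for an analyst. The filter pair is the more important half: any allow- or deny-list keyed on header names has to compare case-folded names, or a differently cased spelling walks past it.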
Read the full entry: https://isc.sans.edu/diary/Apache+Camel+Exploit+Attempt+by+Vulnerability+Scan+CVE202527636+CVE202529891/31814/
Sitecore "thumbnailsaccesstoken" Deserialization Scans (and some new reports) CVE-2025-27218
Published: 2025-03-27
Last Updated: 2025-03-27 17:05:40 UTC
by Johannes Ullrich (Version: 1)
On March 6th, Searchlight Cyber published a blog revealing details about a new deserialization vulnerability in Sitecore. Sitecore calls itself a "Digital Experience Platform (CXP)," which is a fancy content management system (CMS). Sitecore itself is written in .NET and is often sold as part of a solution offered by Sitecore partners. Like other CMSs, it makes it easy to manage a website's content. It offers several attractive features to marketing professionals seeking more insight into user patterns.
Searchlight Cyber has reviewed Sitecore in the past, and this is not the first vulnerability Searchlight Cyber has discovered in Sitecore.
This most recent vulnerability is interesting in that it does not require authentication. Like other deserialization vulnerabilities, this vulnerability may lead to remote code execution. Another somewhat unusual property of this vulnerability is that it uses a custom header. A few deserialization vulnerabilities are exploitable via cookies, but I do not remember seeing one exploiting a custom header. Let me know if there are others ...
Read the full entry: https://isc.sans.edu/diary/Sitecore+thumbnailsaccesstoken+Deserialization+Scans+and+some+new+reports+CVE202527218/31806/
Surge in Scans for Juniper "t128" Default User (2025.04.02)
https://isc.sans.edu/diary/Surge+in+Scans+for+Juniper+t128+Default+User/31824/
A Tale of Two Phishing Sites (2025.03.28)
https://isc.sans.edu/diary/A+Tale+of+Two+Phishing+Sites/31810/
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
Product: Microsoft Microsoft Management Console
CVSS Score: 0
** KEV since 2025-03-11 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26633
ISC Podcast: https://isc.sans.edu/podcastdetail/9380
Product: Apple iPadOS
CVSS Score: 0
** KEV since 2025-02-12 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24200
ISC Diary: https://isc.sans.edu/diary/31816
Product: Apple iOS
CVSS Score: 0
** KEV since 2025-03-13 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24201
ISC Diary: https://isc.sans.edu/diary/31816
Product: Google Chrome
CVSS Score: 8.3
** KEV since 2025-03-27 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-2783
NVD References:
- https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_25.html
Product: Sitecore Experience Manager (XM)
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27218
ISC Podcast: https://isc.sans.edu/podcastdetail/9384
Product: TBK DVR-4104, DVR-4216
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3721
ISC Podcast: https://isc.sans.edu/podcastdetail/9380
Product: Kubernetes ingress-nginx
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1974
NVD References: https://github.com/kubernetes/kubernetes/issues/131009
Product: Convivance StandVoice
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-42533
NVD References:
- https://gist.github.com/7h30th3r0n3/eae27e0eed39741365c55dfd46b57dc8
Product: IIT Bombay Bodhitree
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48818
Product: NASA CryptoLib
CVSS Score: 9.4
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30216
NVD References:
- https://github.com/nasa/CryptoLib/commit/810fd66d592c883125272fef123c3240db2f170f
- https://github.com/nasa/CryptoLib/security/advisories/GHSA-v3jc-5j74-hcjv
- https://github.com/user-attachments/assets/d49cea04-ce84-4d60-bb3a-987e843f09c4
Product: NASA Fprime
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55028
NVD References:
- https://visionspace.com/remote-code-execution-and-critical-vulnerabilities-in-nasa-fprime-v3-4-3/
Product: NASA Fprime
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-55030
NVD References:
- https://visionspace.com/remote-code-execution-and-critical-vulnerabilities-in-nasa-fprime-v3-4-3/
Product: NASA cFS (Core Flight System) Aquila
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-25373
NVD References:
- https://visionspace.com/nasa-cfs-version-aquila-software-vulnerability-assessment/
Product: Artifex Ghostscript
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27831
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27832
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27836
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27837
NVD References: https://bugs.ghostscript.com/show_bug.cgi?id=708132
NVD References: https://bugs.ghostscript.com/show_bug.cgi?id=708133
NVD References: https://bugs.ghostscript.com/show_bug.cgi?id=708192
NVD References: https://bugs.ghostscript.com/show_bug.cgi?id=708238
Product: Pagure Git
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47516
NVD References:
- https://access.redhat.com/security/cve/CVE-2024-47516
- https://bugzilla.redhat.com/show_bug.cgi?id=2315805
CVE-2025-2825 - CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 allow unauthenticated access via remote HTTP requests.
Product: CrushFTP
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-2825
NVD References:
- https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update
- https://www.rapid7.com/blog/post/2025/03/25/etr-notable-vulnerabilities-in-next-js-cve-2025-29927/
CVE-2025-25535 - HTTP Response Manipulation in SCRIPT CASE v.1.0.002 Build7 allows a remote attacker to escalate privileges via a crafted request.
Product: SCRIPT CASE
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-25535
NVD References:
- https://github.com/simalamuel/Research/tree/main/CVE-2025-25535
- https://www.besafebrasil.com.br/script-case-cve-2025-xx-xxxx/
CVE-2025-26002 through CVE-2025-26008, CVE-2025-26010, CVE-2025-26011 - Multiple vulnerabilities in Telesquare TLR-2005KSH 1.1.4.
Product: Telesquare TLR-2005KSH
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26002
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26003
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26004
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26005
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26006
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26007
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26008
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26010
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26011
NVD References: https://github.com/Fan-24/Digging/blob/main/3/1.md
NVD References: https://github.com/Fan-24/Digging/tree/main/2
NVD References: https://github.com/Fan-24/Digging/blob/main/5/1.md
NVD References: https://github.com/Fan-24/Digging/blob/main/6/1.md
NVD References: https://github.com/Fan-24/Digging/blob/main/7/1.md
NVD References: https://github.com/Fan-24/Digging/blob/main/4/1.md
NVD References: https://github.com/Fan-24/Digging/blob/main/10/1.md
NVD References: https://github.com/Fan-24/Digging/blob/main/2/1.md
NVD References: https://github.com/Fan-24/Digging/blob/main/9/1.md
NVD References: https://github.com/Fan-24/Digging/blob/main/8/1.md
CVE-2025-25686 - semcms <=5.0 is vulnerable to SQL Injection in SEMCMS_Fuction.php.
Product: semcms <=5.0
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-25686
NVD References: https://github.com/J1095/fkapfxx
CVE-2025-28138 - TOTOLINK A800R V4.1.2cu.5137_B20200730 contains a remote command execution vulnerability in the setNoticeCfg function through the NoticeUrl parameter.
Product: TOTOLINK A800R
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-28138
NVD References: https://sudsy-eyeliner-a59.notion.site/RCE2-1ac72b8cd95f8055a76ee0ca262aac1a?pvs=4
CVE-2024-54502 - Processing maliciously crafted web content may lead to an unexpected process crash.
Product: Multiple Apple products
CVSS Score: 6.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54502
ISC Diary: https://isc.sans.edu/diary/31816
ISC Podcast: https://isc.sans.edu/podcastdetail/9390
NVD References:
- https://support.apple.com/en-us/121837
- https://support.apple.com/en-us/121839
- https://support.apple.com/en-us/121843
- https://support.apple.com/en-us/121844
- https://support.apple.com/en-us/121845
- https://support.apple.com/en-us/121846
CVE-2024-54508 - Processing maliciously crafted web content may lead to an unexpected process crash.
Product: Multiple Apple products
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54508
ISC Diary: https://isc.sans.edu/diary/31816
ISC Podcast: https://isc.sans.edu/podcastdetail/9390
NVD References:
- https://support.apple.com/en-us/121837
- https://support.apple.com/en-us/121839
- https://support.apple.com/en-us/121843
- https://support.apple.com/en-us/121844
- https://support.apple.com/en-us/121845
- https://support.apple.com/en-us/121846
CVE-2024-54534 - Processing maliciously crafted web content may lead to memory corruption.
Product: Multiple Apple products
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-54534
ISC Diary: https://isc.sans.edu/diary/31816
ISC Podcast: https://isc.sans.edu/podcastdetail/9390
NVD References:
- https://support.apple.com/en-us/121837
- https://support.apple.com/en-us/121839
- https://support.apple.com/en-us/121843
- https://support.apple.com/en-us/121844
- https://support.apple.com/en-us/121845
- https://support.apple.com/en-us/121846
CVE-2025-26941 - Andy Moyle Church Admin is vulnerable to SQL Injection from versions n/a through 5.0.18.
Product: Andy Moyle Church Admin
Active Installations: 900+
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26941
CVE-2025-28904 - Shamalli Web Directory Free from n/a through 1.7.6 allows Blind SQL Injection via improper neutralization of special elements in an SQL command (SQL Injection) vulnerability.
Product: Shamalli Web Directory Free
Active Installations: 500+
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-28904
CVE-2025-28942 - Trust Payments Gateway for WooCommerce allows SQL injection due to improper neutralization of special elements in SQL commands, affecting versions from n/a through 1.1.4.
Product: Trust Payments Gateway for WooCommerce
Active Installations: 400+
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-28942
CVE-2025-28893 - Visual Text Editor is vulnerable to Code Injection, allowing Remote Code Inclusion from version n/a through 1.2.1.
Product: Visual Text Editor
Active Installations: unknown
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-28893
CVE-2025-28898 - WP Multistore Locator is vulnerable to SQL Injection in versions from n/a through 2.5.2.
Product: WP Multistore Locator
Active Installations: unknown
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-28898
CVE-2025-28916 - Docpro allows PHP Local File Inclusion due to Improper Control of Filename for Include/Require Statement.
Product: Docpro
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-28916
NVD References: https://patchstack.com/database/wordpress/plugin/docpro/vulnerability/wordpress-docpro-plugin-2-0-1-local-file-inclusion-vulnerability?_s_id=cve
CVE-2025-30524 - Product Catalog allows SQL Injection due to improper neutralization of special elements in SQL commands, impacting versions n/a through 1.0.4.
Product: origincode Product Catalog
Active Installations: unknown
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30524
CVE-2025-26873 - Deserialization of Untrusted Data vulnerability in Shinetheme Traveler. This issue affects Traveler: from n/a through 3.1.8.
Product: Shinetheme Traveler
Active Installations: unknown
CVSS Score: 9.0
SANS | GIAC Workforce Leadership Summit Debuts at RSAC™ 2025 Conference. Join us at the SANS | GIAC Workforce Leadership Summit at RSAC™ 2025 Conference, a solution-driven event where cybersecurity and HR executives discuss the latest challenges and innovative approaches to building high-performing security teams. Add to your RSAC™ 2025 Conference schedule.
Webcast | ICS Security and Management of Change: Risks and Resilience | April 16, 10:30 ET. Join us for an in-depth webcast exploring the intersection of ICS security and management of change (MoC). Learn how organizations can implement proactive and reactive strategies to identify, evaluate, and mitigate risks associated with change. Whether dealing with scheduled upgrades or unexpected shifts in the operational environment, having a measurable control process is key to maintaining security and stability.