Internet Storm Center Spotlight


ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

[Guest Diary] Exploring a Use Case of Artificial Intelligence Assistance with Understanding an Attack

Published: 2025-05-28

Last Updated: 2025-05-28 13:48:55 UTC

by Jennifer Wilson, SANS.edu BACS Student (Version: 1)

[This is a Guest Diary by Jennifer Wilson, an ISC intern as part of the SANS.edu Bachelor's Degree in Applied Cybersecurity (BACS) program.]

As part of my BACS internship with SANS, I set up and maintained a DShield honeypot instance using a physical Raspberry Pi device. As I was putting together each of my attack observations that were due, I started to wonder how helpful AI would be. One of the things I wanted to do when I started the internship was to step outside of my comfort zone. While I have read a lot about AI, I have only used it a handful of times. So, I wondered: would it lead me astray? Would it provide valid actionable data?

In this blog post, I will explore how accurate and helpful ChatGPT is with identifying one of the more unique attacks I saw over the past few months.

To set the stage, I first noticed this attack after running the cowrieprocessor script on my honeypot. The attack occurred on 2025-04-20 and came from IP address ... . The total attack occurred over a duration of 62.83 seconds. According to AbuseIPDB, the IP has been reported 300 times, and it has been marked with a 100% confidence of abuse. This IP has been busy in the world. Along with this basic data, the following commands were captured being run on the honeypot ...

Read the full entry: https://isc.sans.edu/diary/Guest+Diary+Exploring+a+Use+Case+of+Artificial+Intelligence+Assistance+with+Understanding+an+Attack/31980/

SVG Steganography

Published: 2025-05-26

Last Updated: 2025-05-26 16:31:33 UTC

by Johannes Ullrich (Version: 1)

Didier recently published several diaries related to steganography. I have to admit that steganography isn't exactly my favorite topic. It is one of those "neat" infosec toys, but its applicability is limited. Data exfiltration usually does not require proper steganography; just appending data to an image will usually work just fine.

On the other hand, it looks like the kids still like and enjoy diaries about steganography. For one of my recent podcasts, a viewer left a message asking about the use of SVG images for steganography, to avoid some of the loss issues with compressed image formats. Image formats break down into two basic types: bitmap and vector image formats. Most images you see are bitmap or pixel-based. These formats tend to be easier to create and display. However, they have the disadvantage of not being able to scale up, and the image size can become quite large, which in turn requires compression. While there are some commonly used lossless compression formats, many image formats accept some loss in detail to enhance compression. Steganography takes advantage of similar colors being indistinguishable from each other. However, compression algorithms exploit the same property: neighboring pixels with similar colors are often approximated by changing them all to the same color, simplifying compression.

The images below use JPEG compression. The "uncompressed" version on the left is 130kBytes, while the compressed version is around 23kBytes. At a quick glance, the images are identical, but if you zoom in a bit, you will probably see the "blockiness" of the compressed image caused by adjusting the colors. This compression would wipe out any steganography message ...

Read the full entry: https://isc.sans.edu/diary/SVG+Steganography/31978/

Securing Your SSH authorized_keys File

Published: 2025-05-27

Last Updated: 2025-05-27 15:44:43 UTC

by Johannes Ullrich (Version: 1)

This is nothing "amazingly new", but more of a reminder to secure your "authorized_keys" file for SSH. One of the first things I see even simple bots do to obtain persistent access to a UNIX system is to add a key to the authorized_keys file of whatever account they are compromising.

So here are a few things you can do to make your "authorized_keys" file more secure:

authorized_keys file location

The default location is .ssh/authorized_keys and .ssh/authorized_keys2. Make sure to specify a location explicitly (the default is fine; more on this later). One file is enough: the "authorized_keys2" file was used back in the day to retain backward compatibility with older SSH versions. Most importantly, you want to control the location of the file, and for the later discussion we are going to assume the default location.

File Permissions

This is probably the easiest change you can make. By default, most systems set the permissions to "0600" and make the file owned by the user. This looks "ok" at first, as only the user has read/write access. But in this case, we are trying to prevent someone who compromised the user's credentials from modifying the file. A better option is to make sure the file is owned by root and set to read-only (0444). The user must still be able to read the file, so 0400 will not work if the file is owned by root. Next, you may also set the "immutable" flag. It does not offer a ton of extra security, as the attacker has to be root anyway to modify a root-owned file, but it offers some more detection capabilities ...
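As an added example (not part of the diary), here is a small POSIX shell audit that checks an authorized_keys file against the settings above: root ownership, mode 0444 so the account can still read it, and the immutable flag as an informational check. It assumes Linux with GNU coreutils `stat`; `lsattr`/`chattr` from e2fsprogs are optional, and the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the ISC diary): audit and harden an SSH authorized_keys
# file along the lines the diary recommends: owned by root, mode 0444 so the user
# can still read it, and optionally the immutable flag for tamper detection.
# Assumptions: Linux with GNU coreutils `stat`; `lsattr`/`chattr` from e2fsprogs
# are optional. Function names are this example's own.

# audit_authorized_keys PATH
# Prints one finding per line. Returns 0 when the file is hardened, 1 when a
# finding needs fixing, 2 when the file does not exist.
audit_authorized_keys() {
    path=$1
    rc=0
    if [ ! -f "$path" ]; then
        echo "MISSING: $path does not exist"
        return 2
    fi
    owner=$(stat -c '%U' "$path")
    mode=$(stat -c '%a' "$path")
    # A user-owned file can be rewritten by anyone holding that user's credentials.
    if [ "$owner" != "root" ]; then
        echo "OWNER: $path is owned by $owner, expected root"
        rc=1
    fi
    # 0444: root-owned and read-only, yet still readable by the account using it
    # (0400 would lock the user out of their own key file).
    if [ "$mode" != "444" ]; then
        echo "MODE: $path has mode $mode, expected 444"
        rc=1
    fi
    # The immutable flag is reported as INFO only; it helps detection, not access control.
    if command -v lsattr >/dev/null 2>&1; then
        attrs=$(lsattr -d "$path" 2>/dev/null | cut -d' ' -f1)
        case $attrs in
            *i*) ;;
            *) echo "INFO: $path is not immutable (chattr +i not set)" ;;
        esac
    fi
    return $rc
}

# harden_authorized_keys PATH  (requires root)
# Applies the recommended ownership and mode, then tries to set the immutable flag.
harden_authorized_keys() {
    path=$1
    chown root:root "$path" || return 1
    chmod 0444 "$path" || return 1
    if command -v chattr >/dev/null 2>&1; then
        chattr +i "$path" 2>/dev/null || echo "WARN: could not set immutable flag on $path"
    fi
    return 0
}

# Usage: sh audit_authorized_keys.sh /home/alice/.ssh/authorized_keys [more paths...]
for f in "$@"; do
    audit_authorized_keys "$f"
done
```

Run the audit from cron or a configuration-management check and alert on a non-zero exit; the harden function only makes sense once you have confirmed the account's public keys are the ones you expect.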

Read the full entry: https://isc.sans.edu/diary/Securing+Your+SSH+authorizedkeys+File/31986/

Internet Storm Center Entries


Resilient Secure Backup Connectivity for SMB/Home Users (2025.05.22)

https://isc.sans.edu/diary/Resilient+Secure+Backup+Connectivity+for+SMBHome+Users/31972/

Recent CVEs


The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.

CVE-2025-32756 - Fortinet FortiVoice, FortiRecorder, FortiMail, FortiNDR, and FortiCamera are vulnerable to a stack-based buffer overflow allowing remote attackers to execute arbitrary code via specially crafted HTTP requests.

Product: Multiple Fortinet products

CVSS Score: 0

** KEV since 2025-05-14 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32756

ISC Podcast: https://isc.sans.edu/podcastdetail/9466

CVE-2025-4008 - Meteobridge web interface allows remote attackers to execute arbitrary commands as root through a vulnerable endpoint.

Product: Meteobridge web interface

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4008

ISC Podcast: https://isc.sans.edu/podcastdetail/9468

NVD References: 

- https://forum.meteohub.de/viewtopic.php?t=18687

- https://www.onekey.com/resource/security-advisory-remote-command-execution-on-smartbedded-meteobridge-cve-2025-4008

CVE-2025-47949 - Samlify is vulnerable to a Signature Wrapping attack, prior to version 2.10.0, allowing attackers to forge a SAML Response and authenticate as any user.

Product: Samlify Node.js library for SAML single sign-on

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47949

ISC Podcast: https://isc.sans.edu/podcastdetail/9464

CVE-2025-4978 - Netgear DGND3700 1.1.00.15_1.00.15NA has a very critical vulnerability in Basic Authentication leading to improper authentication, allowing for remote attacks after disclosure to the public.

Product: Netgear DGND3700

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4978

NVD References: 

- https://github.com/at0de/my_vulns/blob/main/Netgear/DGND3700v2/backdoor.md

- https://www.netgear.com/

CVE-2025-48017 - Improper limitation of pathname in Circuit Provisioning and File Import applications allows modification and uploading of files.

Product: Schweitzer Engineering Laboratories Software-Defined Network Flow Controller

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48017

NVD References: https://selinc.com/products/software/latest-software-versions/

CVE-2025-44083 - An issue in D-Link DI-8100 16.07.26A1 allows a remote attacker to bypass administrator login authentication.

Product: D-Link DI-8100

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44083

NVD References: https://github.com/piposy/IOTsec/blob/main/Dlink/DI8100/DI8100-A1-1.md

CVE-2025-44084 - D-link DI-8100 16.07.26A1 is vulnerable to Command Injection, allowing attackers to gain the highest privilege shell access through crafted HTTP requests.

Product: D-Link DI-8100

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44084

NVD References: https://github.com/piposy/IOTsec/blob/main/Dlink/DI8100/DI8100-A1-2.md

CVE-2025-46724 - Langroid's TableChatAgent prior to version 0.53.15 is vulnerable to code injection when using `pandas eval()` with untrusted user input, but has since added input sanitization and warnings in the documentation to address this issue.

Product: Langroid TableChatAgent

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-46724

NVD References: 

- https://github.com/langroid/langroid/commit/0d9e4a7bb3ae2eef8d38f2e970ff916599a2b2a6

- https://github.com/langroid/langroid/security/advisories/GHSA-jqq5-wc57-f8hj

CVE-2025-47277 - vLLM is vulnerable in versions 0.6.5 through 0.8.4 in environments using the `PyNcclPipe` KV cache transfer integration with the V0 engine, affecting only those configurations.

Product: vLLM PyNcclPipe

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47277

NVD References: 

- https://docs.vllm.ai/en/latest/deployment/security.html

- https://github.com/vllm-project/vllm/security/advisories/GHSA-hjq4-87xh-g4fv

CVE-2025-44880, CVE-2025-44881, CVE-2025-44882 - Wavlink WL-WN579A3 v1.0 multiple command injection vulnerabilities

Product: Wavlink WL-WN579A3

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44880

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44881

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44882

NVD References: 

- https://lafdrew.github.io/2025/03/27/Remote-Command-Execution-in-adm-cgi-of-wavlink-WL-WN579A3-Device/

- https://lafdrew.github.io/2025/03/31/Remote-Command-Execution-in-qos-cgi-of-wavlink-WL-WN579A3-Device/

- https://lafdrew.github.io/2025/03/31/Remote-Command-Execution-in-firewall-cgi-of-wavlink-WL-WN579A3-Device/

CVE-2025-44883 through CVE-2025-44888, CVE-2025-44890, CVE-2025-44891, CVE-2025-44893, CVE-2025-44894, CVE-2025-44896 through CVE-2025-44898 - FW-WGS-804HPT v1.305b241111 multiple stack overflow vulnerabilities

Product: FW WGS-804HPT

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44883

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44884

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44885

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44886

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44887

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44888

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44889

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44890

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44891

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44893

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44894

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44896

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44897

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44898

NVD References: 

- https://lafdrew.github.io/2025/04/20/web-tacplus-serverEdit-post-tacIp/

- https://lafdrew.github.io/2025/04/20/web-sys-infoContact-post-contact/

- https://lafdrew.github.io/2025/04/20/web-snmpv3-remote-engineId-add-post-remote-ip/

- https://lafdrew.github.io/2025/04/20/web-acl-mgmt-Rules-Edit-post-ruleEditName/

- https://lafdrew.github.io/2025/04/20/web-radiusSrv-post-radIp/

- https://lafdrew.github.io/2025/04/20/web-stp-globalSetting-post-stp-conf-name/

- https://lafdrew.github.io/2025/04/20/web-snmp-notifyv3-add-post-host-ip/

- https://lafdrew.github.io/2025/04/20/web-snmp-v3host-add-post-host-ip/

- https://lafdrew.github.io/2025/04/20/web-acl-mgmt-Rules-Apply-post-ruleName/

- https://lafdrew.github.io/2025/04/20/web-radiusSrv-dftParam-post-radDftParamKey/

- https://lafdrew.github.io/2025/04/18/web-acl-bindEdit-post-bindEditMACName-StackOverflow/

- https://lafdrew.github.io/2025/04/20/web-tool-upgradeManager-post-tftp-srvip/

- https://lafdrew.github.io/2025/04/18/web-aaa-loginAuthlistEdit-get-authName-StackOverflow/

CVE-2025-41232 - Spring Security Aspects may not correctly locate method security annotations on private methods, potentially leading to an authorization bypass.

Product: Spring Security

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-41232

NVD References: http://spring.io/security/cve-2025-41232

CVE-2025-48200 - The sr_feuser_register extension through 12.4.8 for TYPO3 allows Remote Code Execution.

Product: TYPO3 sr_feuser_register extension

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48200

NVD References: https://typo3.org/security/advisory/typo3-ext-sa-2025-008

CVE-2025-27558 - IEEE P802.11-REVme D1.1 through D7.0 is vulnerable to FragAttacks against mesh networks, allowing adversaries to inject arbitrary frames towards supported devices.

Product: IEEE P802.11-REVme

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27558

NVD References: https://github.com/vanhoefm/fragattacks-survey-public/blob/main/README.md

CVE-2025-36535 - The embedded web server lacks authentication and access controls, leading to unrestricted remote access and potential configuration changes or arbitrary code execution.

Product: AutomationDirect MB-Gateway embedded web server

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-36535

NVD References: 

- https://www.automationdirect.com/adc/shopping/catalog/communications/protocol_gateways/modbus_gateways/eki-1221-ce

- https://www.cisa.gov/news-events/ics-advisories/icsa-25-140-09

CVE-2025-41426 - Vertiv products are vulnerable to a stack based buffer overflow allowing attackers to execute code on the device.

Product: Vertiv products

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-41426

NVD References: 

- https://www.cisa.gov/news-events/ics-advisories/icsa-25-140-10

- https://www.vertiv.com/en-us/support/security-support-center/

CVE-2025-46412 - Affected Vertiv products do not properly protect webserver functions that could allow an attacker to bypass authentication.

Product: Vertiv Webserver Functions

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-46412

NVD References: 

- https://www.cisa.gov/news-events/ics-advisories/icsa-25-140-10

- https://www.vertiv.com/en-us/support/security-support-center/

CVE-2025-32814 - An issue was discovered in Infoblox NETMRI before 7.6.1. Unauthenticated SQL Injection can occur.

Product: Infoblox NETMRI

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32814

NVD References: https://support.infoblox.com/s/article/Infoblox-NetMRI-is-vulnerable-to-CVE-2025-32814

CVE-2024-48853 - ASPECT is vulnerable to an escalation of privilege, allowing non-root users to gain root access on servers.

Product: Iconics ASPECT

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48853

CVE-2025-2409 - ASPECT vulnerability allows attackers to overwrite system files with compromised session administrator credentials.

Product: ASPECT-Enterprise

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-2409

CVE-2025-2410 - ASPECT can be exploited to manipulate TCP/IP port access if admin credentials are compromised, affecting versions up to 3.08.03.

Product: ASPECT-Enterprise

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-2410

CVE-2025-30171 - ASPECT system file deletion vulnerabilities allow attackers to delete system files if session administrator credentials are compromised in versions up to 3.08.03.

Product: ASPECT-Enterprise

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30171

CVE-2024-41195 through CVE-2024-41198 - Ocuco Innovation authentication bypass vulnerabilities

Product: Ocuco Innovation INNOVASERVICEINTF.EXE, REPORTSERVER.EXE, INVCLIENT.EXE, and REPORTS.EXE

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41195

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41196

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41197

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41198

NVD References: https://gist.githubusercontent.com/john0x186/1d9cc7fcc8386480d2bdaa9fdcfa914b/raw/d2d3d74ccaa939127ee2b03139061509a7dd238c/full-disclosure.md

CVE-2024-6914 - WSO2 products contain a vulnerability that allows a malicious actor to reset any user account password, potentially leading to a complete account takeover.

Product: Multiple WSO2 products

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6914

NVD References: https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3561/

CVE-2025-5098 - PrinterShare Android application is vulnerable to capturing Gmail authentication tokens for unauthorized access to user accounts.

Product: Mobile Dynamix PrinterShare Mobile Print

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-5098

NVD References: https://korelogic.com/Resources/Advisories/KL-001-2025-003.txt

CVE-2025-5099 - The vulnerable product experiences an Out of Bounds Write vulnerability during PDF rendering, leading to possible memory corruption and arbitrary code execution.

Product: Mobile Dynamix PrinterShare Mobile Print

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-5099

NVD References: https://korelogic.com/Resources/Advisories/KL-001-2025-004.txt

CVE-2025-36527 & CVE-2025-41407 - Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection.

Product: Zohocorp ManageEngine ADAudit Plus

CVSS Score: 8.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-36527

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-41407

ISC Podcast: https://isc.sans.edu/podcastdetail/9468

NVD References: 

- https://www.manageengine.com/products/active-directory-audit/cve-2025-36527.html

- https://www.manageengine.com/products/active-directory-audit/cve-2025-41407.html

CVE-2024-51101 - PHPGURUKUL Restaurant Table Booking System v1.0 contains a SQL injection vulnerability in the searchdata parameter at /rtbs/check-status.php.

Product: Phpgurukul Restaurant Table Booking System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51101

NVD References: https://github.com/0xBhushan/Writeups/blob/main/CVE/phpGurukul/Restaurant%20Table%20Booking%20System%20using%20PHP%20and%20MySQL/SQL%20Injection-Search.pdf

CVE-2025-2146 - Satera MF656Cdw/Satera MF654Cdw/Satera MF551dw/Satera MF457dw firmware v05.07 and earlier sold in Japan are vulnerable to a buffer overflow in WebService Authentication processing, allowing attackers on the network segment to render the product unresponsive or execute arbitrary code.

Product: Canon Multifunction Printers

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-2146

NVD References: 

- https://canon.jp/support/support-info/250127vulnerability-response

- https://psirt.canon/advisory-information/cp2025-001/

- https://www.canon-europe.com/support/product-security/#news

- https://www.usa.canon.com/support/canon-product-advisories/service-notice-regarding-vulnerability-measure-against-buffer-overflow-for-laser-printers-and-small-office-multifunctional-printers

CVE-2025-35003 - Apache NuttX RTOS Bluetooth Stack (HCI and UART components) is vulnerable to improper memory buffer operations and stack-based buffer overflow, leading to potential system crashes, denial of service, or arbitrary code execution from maliciously crafted packets, with a fix available in version 12.9.0.

Product: Apache NuttX RTOS Bluetooth Stack

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-35003

NVD References: 

- https://github.com/apache/nuttx/pull/16179

- https://lists.apache.org/thread/k4xzz3jhkx48zxw9vwmqrmm4hmg78vsj

- http://www.openwall.com/lists/oss-security/2025/05/26/1

CVE-2025-23394 - openSUSE Tumbleweed cyrus-imapd allows escalation from cyrus to root due to a UNIX Symbolic Link (Symlink) Following vulnerability.

Product: openSUSE Tumbleweed cyrus-imapd

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-23394

NVD References: https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-23394

CVE-2025-48827 - vBulletin versions 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3 on PHP 8.1 or later allow unauthenticated users to access protected API controllers' methods via /api.php?method=protectedMethod.

Product: vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48827

NVD References: 

- https://karmainsecurity.com/dont-call-that-protected-method-vbulletin-rce

- https://kevintel.com/CVE-2025-48827

- https://blog.kevintel.com/vbulletin-replaceadtemplate-kev/

CVE-2025-48828 - vBulletin versions are vulnerable to arbitrary PHP code execution through Template Conditionals abuse, allowing attackers to bypass security checks and execute code in an alternative function syntax.

Product: vBulletin Certain vBulletin versions

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48828

NVD References: 

- https://karmainsecurity.com/dont-call-that-protected-method-vbulletin-rce

- https://kevintel.com/CVE-2025-48828

- https://blog.kevintel.com/vbulletin-replaceadtemplate-kev/

CVE-2025-41651 - The vulnerable product allows unauthenticated remote attackers to execute arbitrary commands and potentially compromise the entire system by exploiting missing authentication on a critical function.

Product: Weidmueller Industrial ethernet switches

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-41651

NVD References: https://certvde.com/en/advisories/VDE-2025-044/

CVE-2025-41652 - The vulnerable product is at risk of authentication bypass from flaws in the authorization mechanism, allowing unauthenticated remote attackers to compromise the device through brute-force attacks or MD5 collision techniques.

Product: Weidmueller Industrial ethernet switches

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-41652

NVD References: https://certvde.com/en/advisories/VDE-2025-044/

CVE-2025-32440 - NetAlertX allows attackers to bypass authentication and trigger sensitive functions by sending crafted requests to /index.php prior to version 25.4.14.

Product: NetAlertX

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32440

NVD References: 

- https://github.com/jokob-sk/NetAlertX/releases/tag/v25.4.14

- https://github.com/jokob-sk/NetAlertX/security/advisories/GHSA-h4x5-vr54-vjrx

CVE-2025-47934 - OpenPGP.js is vulnerable to a flaw where a maliciously modified message can be passed to either `openpgp.verify` or `openpgp.decrypt`, causing these functions to return a valid signature verification result while returning data that was not actually signed.

Product: OpenPGP.js OpenPGP protocol

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47934

ISC Podcast: https://isc.sans.edu/podcastdetail/9460


CVE-2025-4322 - The Motors theme for WordPress is vulnerable to privilege escalation through account takeover, allowing unauthenticated attackers to change user passwords and gain administrative access.

Product: WordPress Motors theme

Active Installations: Update to version 5.6.68, or a newer patched version

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4322

NVD References: 

- http://themeforest.net/item/motors-car-dealership-wordpress-theme/13987211

- https://www.wordfence.com/threat-intel/vulnerabilities/id/61820ca5-5548-4155-b350-df3db1bc1661?source=cve

CVE-2025-4094 - The DIGITS WordPress Mobile Number Signup and Login plugin before 8.4.6.1 allows attackers to easily bruteforce OTP validation attempts due to lack of rate limiting.

Product: DIGITS WordPress Mobile Number Signup and Login WordPress plugin

Active Installations: Unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4094

NVD References: https://wpscan.com/vulnerability/b5f0a263-644b-4954-a1f0-d08e2149edbb/

CVE-2025-4524 - The Madara WordPress theme is vulnerable to Local File Inclusion in versions up to 2.2.2, allowing unauthenticated attackers to execute arbitrary files on the server.

Product: Madara Responsive and modern WordPress theme for manga sites

Active Installations: Update to version 2.2.2.1, or a newer patched version

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4524

NVD References: 

- https://mangabooth.com/product/wp-manga-theme-madara/

- https://www.wordfence.com/threat-intel/vulnerabilities/id/a3ee01da-218a-421d-8f9c-1dc6c056ef74?source=cve

CVE-2025-31049 - Deserialization of Untrusted Data vulnerability in themeton Dash allows Object Injection. This issue affects Dash: from n/a through 1.3.

Product: Themeton Dash

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-31049

NVD References: https://patchstack.com/database/wordpress/theme/dash/vulnerability/wordpress-dash-1-3-php-object-injection-vulnerability?_s_id=cve

CVE-2025-31056 - WhatsCart - Whatsapp Abandoned Cart Recovery, Order Notifications, Chat Box, OTP for WooCommerce is vulnerable to SQL Injection from n/a through 1.1.0.

Product: Techspawn WhatsCart - Whatsapp Abandoned Cart Recovery, Order Notifications, Chat Box, OTP for WooCommerce

Active Installations: unknown

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-31056

NVD References: https://patchstack.com/database/wordpress/plugin/whatscart-for-woocommerce/vulnerability/wordpress-whatscart-plugin-1-1-0-sql-injection-vulnerability?_s_id=cve

CVE-2025-31069 - HotStar - Multi-Purpose Business Theme is vulnerable to object injection via deserialization of untrusted data from versions n/a through 1.4.

Product: themeton HotStar - Multi-Purpose Business Theme

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-31069

NVD References: https://patchstack.com/database/wordpress/theme/hotstar/vulnerability/wordpress-hotstar-multi-purpose-business-theme-1-4-php-object-injection-vulnerability?_s_id=cve

CVE-2025-31397 - Bus Ticket Booking with Seat Reservation for WooCommerce is vulnerable to SQL Injection from version n/a through 1.7.

Product: SmartCMS Bus Ticket Booking with Seat Reservation for WooCommerce

Active Installations: 1,000+

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-31397

NVD References: https://patchstack.com/database/wordpress/plugin/scw-bus-seat-reservation/vulnerability/wordpress-bus-ticket-booking-with-seat-reservation-for-woocommerce-plugin-1-7-sql-injection-vulnerability?_s_id=cve

CVE-2025-31423 - Deserialization of Untrusted Data vulnerability in AncoraThemes Umberto allows Object Injection. This issue affects Umberto: from n/a through 1.2.8.

Product: AncoraThemes Umberto

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-31423

NVD References: https://patchstack.com/database/wordpress/theme/umberto/vulnerability/wordpress-umberto-1-2-8-php-object-injection-vulnerability?_s_id=cve

CVE-2025-31430 - Themeton The Business is vulnerable to object injection through deserialization of untrusted data from version n/a through 1.6.1.

Product: themeton The Business

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-31430

NVD References: https://patchstack.com/database/wordpress/theme/nrgbusiness/vulnerability/wordpress-the-business-1-6-1-php-object-injection-vulnerability?_s_id=cve

CVE-2025-31631 - AncoraThemes Fish House is vulnerable to object injection through the deserialization of untrusted data, impacting versions from n/a to 1.2.7.

Product: AncoraThemes Fish House

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-31631

NVD References: https://patchstack.com/database/wordpress/theme/fish-house/vulnerability/wordpress-fish-house-1-2-7-php-object-injection-vulnerability?_s_id=cve

CVE-2025-31914 - Pixel WordPress Form BuilderPlugin & Autoresponder is vulnerable to Blind SQL Injection through improper neutralization of special elements used in an SQL command.

Product: kamleshyadav Pixel WordPress Form BuilderPlugin & Autoresponder

Active Installations: unknown

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-31914

NVD References: https://patchstack.com/database/wordpress/plugin/pixel-formbuilder/vulnerability/wordpress-pixel-wordpress-form-builderplugin-autoresponder-1-0-2-sql-injection-vulnerability?_s_id=cve

CVE-2025-31916 - JP Students Result Management System Premium allows unrestricted upload of dangerous files, enabling the upload of web shells to a web server.

Product: joy2012bd JP Students Result Management System Premium

Active Installations: unknown

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-31916

NVD References: https://patchstack.com/database/wordpress/plugin/jp-students-result-system-premium/vulnerability/wordpress-jp-students-result-management-system-premium-plugin-1-1-7-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2025-31918 - Simple Business Directory Pro has an Incorrect Privilege Assignment vulnerability allowing for Privilege Escalation from versions n/a through 15.4.8.

Product: QuantumCloud Simple Business Directory Pro

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-31918

NVD References: https://patchstack.com/database/wordpress/plugin/simple-business-directory-pro/vulnerability/wordpress-simple-business-directory-pro-15-4-8-privilege-escalation-vulnerability?_s_id=cve

CVE-2025-31927 - Deserialization of Untrusted Data vulnerability in themeton Acerola allows Object Injection. This issue affects Acerola: from n/a through 1.6.5.

Product: themeton Acerola

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-31927

NVD References: https://patchstack.com/database/wordpress/theme/acerola/vulnerability/wordpress-acerola-1-6-5-php-object-injection-vulnerability?_s_id=cve

CVE-2025-32292 - AncoraThemes Jarvis - Night Club, Concert, Festival WordPress is vulnerable to object injection via deserialization of untrusted data in versions n/a through 1.8.11.

Product: AncoraThemes Jarvis - Night Club, Concert, Festival WordPress

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32292

NVD References: https://patchstack.com/database/wordpress/theme/jarvis/vulnerability/wordpress-jarvis-night-club-concert-festival-wordpress-1-8-11-php-object-injection-vulnerability?_s_id=cve

CVE-2025-39480 - ThemeMakers Car Dealer is vulnerable to Object Injection through the deserialization of untrusted data, impacting versions from n/a to 1.6.6.

Product: ThemeMakers Car Dealer

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-39480

NVD References: https://patchstack.com/database/wordpress/theme/cardealer/vulnerability/wordpress-car-dealer-1-6-6-php-object-injection-vulnerability?_s_id=cve

CVE-2025-39485 - Grand Tour | Travel Agency WordPress is vulnerable to deserialization of untrusted data, allowing object injection from version n/a through 5.5.1.

Product: ThemeGoods Grand Tour | Travel Agency WordPress

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-39485

NVD References: https://patchstack.com/database/wordpress/theme/grandtour/vulnerability/wordpress-grandtour-theme-5-5-1-php-object-injection-vulnerability?_s_id=cve

CVE-2025-39489 - Incorrect Privilege Assignment vulnerability in pebas CouponXL allows Privilege Escalation. This issue affects CouponXL: from n/a through 4.5.0.

Product: pebas CouponXL

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-39489

NVD References: https://patchstack.com/database/wordpress/theme/couponxl/vulnerability/wordpress-couponxl-4-5-0-privilege-escalation-vulnerability?_s_id=cve

CVE-2025-39495 - Deserialization of Untrusted Data vulnerability in BoldThemes Avantage allows Object Injection. This issue affects Avantage: from n/a through 2.4.6.

Product: BoldThemes Avantage

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-39495

NVD References: https://patchstack.com/database/wordpress/theme/avantage/vulnerability/wordpress-avantage-theme-2-4-6-php-object-injection-vulnerability?_s_id=cve

CVE-2025-39499 - Deserialization of Untrusted Data vulnerability in BoldThemes Medicare allows Object Injection. This issue affects Medicare: from n/a through 2.1.0.

Product: BoldThemes Medicare

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-39499

NVD References: https://patchstack.com/database/wordpress/theme/medicare/vulnerability/wordpress-medicare-theme-2-1-0-php-object-injection-vulnerability?_s_id=cve

CVE-2025-39500 - GoodLayers Hostel is vulnerable to deserialization of untrusted data, allowing for Object Injection from version n/a through 3.1.2.

Product: Goodlayers Hostel

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-39500

NVD References: https://patchstack.com/database/wordpress/plugin/gdlr-hostel/vulnerability/wordpress-goodlayers-hostel-plugin-3-1-2-php-object-injection-vulnerability?_s_id=cve

CVE-2025-39501 - GoodLayers Hostel is vulnerable to Blind SQL Injection that affects versions from n/a through 3.1.2.

Product: Goodlayers Hostel

Active Installations: unknown

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-39501

NVD References: https://patchstack.com/database/wordpress/plugin/gdlr-hostel/vulnerability/wordpress-goodlayers-hostel-plugin-3-1-2-sql-injection-vulnerability?_s_id=cve

CVE-2025-39503 - GoodLayers Goodlayers Hotel is vulnerable to Object Injection through the deserialization of untrusted data from n/a through 3.1.4.

Product: Goodlayers Hotel

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-39503

NVD References: https://patchstack.com/database/wordpress/plugin/gdlr-hotel/vulnerability/wordpress-goodlayers-hotel-plugin-3-1-4-php-object-injection-vulnerability?_s_id=cve

CVE-2025-39504 - GoodLayers GoodLayers Hotel is vulnerable to Blind SQL Injection due to improper neutralization of special elements in SQL commands, affecting versions up to 3.1.4.

Product: GoodLayers GoodLayers Hotel

Active Installations: unknown

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-39504

NVD References: https://patchstack.com/database/wordpress/plugin/gdlr-hotel/vulnerability/wordpress-goodlayers-hotel-plugin-3-1-4-sql-injection-vulnerability?_s_id=cve

CVE-2025-46455 - IndigoThemes WP HRM LITE is vulnerable to SQL Injection from n/a through 1.1, allowing attackers to manipulate SQL commands.

Product: IndigoThemes WP HRM LITE

Active Installations: This plugin has been closed as of April 24, 2025 and is not available for download. This closure is temporary, pending a full review.

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-46455

NVD References: https://patchstack.com/database/wordpress/plugin/wp-hrm-lite-human-resource-management-system/vulnerability/wordpress-wp-hrm-lite-1-1-sql-injection-vulnerability?_s_id=cve

CVE-2025-46460 - Detheme Easy Guide version n/a through 1.0.0 is vulnerable to SQL Injection via improper neutralization of special elements.

Product: Detheme Easy Guide

Active Installations: unknown

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-46460

NVD References: https://patchstack.com/database/wordpress/plugin/wp-easy-guide/vulnerability/wordpress-easy-guide-1-0-0-sql-injection-vulnerability?_s_id=cve

CVE-2025-46468 - Fable Extra in WPFable Fable allows PHP Local File Inclusion from versions n/a through 1.0.6.

Product: WPFable Fable Extra

Active Installations: 1,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-46468

NVD References: https://patchstack.com/database/wordpress/plugin/fable-extra/vulnerability/wordpress-fable-extra-1-0-5-local-file-inclusion-vulnerability?_s_id=cve

CVE-2025-46539 - Fable Extra: Blind SQL Injection vulnerability in versions up to 1.0.6 allows for improper neutralization of special elements in SQL commands.

Product: WPFable Fable Extra

Active Installations: 1,000+

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-46539

NVD References: https://patchstack.com/database/wordpress/plugin/fable-extra/vulnerability/wordpress-fable-extra-1-0-6-sql-injection-vulnerability?_s_id=cve

CVE-2025-46490 - WordWebSoftware Crossword Compiler Puzzles allows attackers to upload a web shell to a web server via an unrestricted file upload vulnerability.

Product: wordwebsoftware Crossword Compiler Puzzles

Active Installations: 400+

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-46490

NVD References: https://patchstack.com/database/wordpress/plugin/crossword-compiler-puzzles/vulnerability/wordpress-crossword-compiler-puzzles-5-2-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2025-47530 - Deserialization of Untrusted Data vulnerability in WPFunnels WPFunnels allows Object Injection. This issue affects WPFunnels: from n/a through 3.5.18.

Product: WPFunnels

Active Installations: 8,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47530

NVD References: https://patchstack.com/database/wordpress/plugin/wpfunnels/vulnerability/wordpress-wpfunnels-3-5-18-php-object-injection-vulnerability?_s_id=cve

CVE-2025-47532 - CoinPayments.net Payment Gateway for WooCommerce is vulnerable to Object Injection through deserialization of untrusted data from n/a through 1.0.17.

Product: CoinPayments CoinPayments.net Payment Gateway for WooCommerce

Active Installations: 2,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47532

NVD References: https://patchstack.com/database/wordpress/plugin/coinpayments-payment-gateway-for-woocommerce/vulnerability/wordpress-coinpayments-net-payment-gateway-for-woocommerce-1-0-17-php-object-injection-vulnerability?_s_id=cve

CVE-2025-47539 - Incorrect Privilege Assignment vulnerability in Themewinter Eventin allows Privilege Escalation. This issue affects Eventin: from n/a through 4.0.26.

Product: Themewinter Eventin

Active Installations: 10,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47539

NVD References: https://patchstack.com/database/wordpress/plugin/wp-event-solution/vulnerability/wordpress-eventin-4-0-26-privilege-escalation-vulnerability?_s_id=cve

CVE-2025-47568 - Deserialization of Untrusted Data vulnerability in ZoomIt ZoomSounds allows Object Injection. This issue affects ZoomSounds: from n/a through 6.91.

Product: ZoomIt ZoomSounds

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47568

NVD References: https://patchstack.com/database/wordpress/plugin/dzs-zoomsounds/vulnerability/wordpress-zoomsounds-plugin-6-91-php-object-injection-vulnerability?_s_id=cve

CVE-2025-47599 - Facturante is vulnerable to SQL Injection from versions n/a through 1.11.

Product: Facturante

Active Installations: This plugin hasn't been tested with the latest 3 major releases of WordPress. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47599

NVD References: https://patchstack.com/database/wordpress/plugin/facturante/vulnerability/wordpress-facturante-1-11-sql-injection-vulnerability?_s_id=cve

CVE-2025-47637 - STAGGS allows for unrestricted upload of dangerous file types, potentially enabling attackers to upload a web shell to a web server.

Product: STAGGS

Active Installations: 300+

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47637

NVD References: https://patchstack.com/database/wordpress/plugin/staggs/vulnerability/wordpress-staggs-2-10-1-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2025-47640 - Printcart Web to Print Product Designer for WooCommerce version n/a through 2.3.8 allows SQL injection via improper neutralization of special elements in an SQL command.

Product: Printcart Web to Print Product Designer for WooCommerce

Active Installations: 100+

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47640

NVD References: https://patchstack.com/database/wordpress/plugin/printcart-integration/vulnerability/wordpress-printcart-web-to-print-product-designer-for-woocommerce-2-3-6-sql-injection-vulnerability?_s_id=cve

CVE-2025-47641 - Printcart Web to Print Product Designer for WooCommerce versions n/a through 2.3.8 allows unrestricted upload of dangerous file types, enabling the potential upload of a web shell to a web server.

Product: Printcart Web to Print Product Designer for WooCommerce

Active Installations: 100+

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47641

NVD References: https://patchstack.com/database/wordpress/plugin/printcart-integration/vulnerability/wordpress-printcart-web-to-print-product-designer-for-woocommerce-2-3-6-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2025-47642 - Ajar in5 Embed allows attackers to upload malicious files and execute them on a web server.

Product: Ajar Productions Ajar in5 Embed

Active Installations: 300+

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47642

NVD References: https://patchstack.com/database/wordpress/plugin/ajar-productions-in5-embed/vulnerability/wordpress-ajar-in5-embed-3-1-5-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2025-47646 - Gilblas Ngunte Possi PSW Front-end Login & Registration has a weak password recovery mechanism that allows for exploitation, affecting versions n/a through 1.13.

Product: Gilblas Ngunte Possi PSW Front-end Login & Registration

Active Installations: 90+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47646

NVD References: https://patchstack.com/database/wordpress/plugin/psw-login-and-registration/vulnerability/wordpress-psw-front-end-login-registration-1-12-broken-authentication-vulnerability?_s_id=cve

CVE-2025-47658 - ELEX WordPress HelpDesk & Customer Ticketing System allows attackers to upload a web shell to a web server through unrestricted file uploads.

Product: ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System

Active Installations: 400+

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47658

NVD References: https://patchstack.com/database/wordpress/plugin/elex-helpdesk-customer-support-ticket-system/vulnerability/wordpress-elex-wordpress-helpdesk-customer-ticketing-system-3-2-7-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2025-47663 - mojoomla Hospital Management System allows the unrestricted upload of dangerous file types, enabling attackers to upload web shells to a web server, affecting versions 47.0(20 through 11.

Product: mojoomla Hospital Management System

Active Installations: unknown

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47663

NVD References: https://patchstack.com/database/wordpress/plugin/hospital-management/vulnerability/wordpress-hospital-management-system-plugin-47-0-20-11-2023-arbitrary-file-upload-vulnerability-2?_s_id=cve

CVE-2025-47687 - StoreKeeper B.V. StoreKeeper for WooCommerce allows attackers to upload dangerous files, such as web shells, to a web server.

Product: StoreKeeper B.V. StoreKeeper for WooCommerce

Active Installations: 50+

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47687

NVD References: https://patchstack.com/database/wordpress/plugin/storekeeper-for-woocommerce/vulnerability/wordpress-storekeeper-for-woocommerce-14-4-4-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2025-48283 - Majestic Support is vulnerable to SQL Injection from version n/a through 1.1.0.

Product: Majestic Support

Active Installations: 3,000+

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48283

NVD References: https://patchstack.com/database/wordpress/plugin/majestic-support/vulnerability/wordpress-majestic-support-1-1-0-sql-injection-vulnerability?_s_id=cve

CVE-2025-48287 - Pagaleve Pix 4x sem juros - Pagaleve is vulnerable to Object Injection via deserialization of untrusted data.

Product: Pagaleve Pix 4x sem juros

Active Installations: 100+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48287

NVD References: https://patchstack.com/database/wordpress/plugin/wc-pagaleve/vulnerability/wordpress-pix-4x-sem-juros-pagaleve-1-6-9-php-object-injection-vulnerability?_s_id=cve

CVE-2025-48289 - AncoraThemes Kids Planet is vulnerable to Object Injection through deserialization of untrusted data, affecting versions from n/a through 2.2.14.

Product: AncoraThemes Kids Planet

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48289

NVD References: https://patchstack.com/database/wordpress/theme/kidsplanet/vulnerability/wordpress-kids-planet-2-2-14-php-object-injection-vulnerability?_s_id=cve

CVE-2025-4603 - The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion, allowing unauthenticated attackers to potentially gain remote code execution on the server.

Product: eMagicOne Store Manager for WooCommerce plugin

Active Installations: This plugin has been closed as of May 21, 2025 and is not available for download. This closure is temporary, pending a full review.

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4603

NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/242ad00b-3602-4988-ab7a-76fba2e9d4cf?source=cve

CVE-2025-5058 - The eMagicOne Store Manager for WooCommerce plugin for WordPress allows unauthenticated attackers to upload arbitrary files on a server, potentially enabling remote code execution, due to missing file type validation in the set_image() function in versions up to 1.2.5.

Product: eMagicOne Store Manager for WooCommerce plugin

Active Installations: This plugin has been closed as of May 21, 2025 and is not available for download. This closure is temporary, pending a full review.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-5058

NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/8a00ece0-6644-4535-86aa-d0802d94a1a7?source=cve