SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals

ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
[Guest Diary] Exploring a Use Case of Artificial Intelligence Assistance with Understanding an Attack
Published: 2025-05-28
Last Updated: 2025-05-28 13:48:55 UTC
by Jennifer Wilson, SANS.edu BACS Student (Version: 1)
[This is a Guest Diary by Jennifer Wilson, an ISC intern as part of the SANS.edu Bachelor's Degree in Applied Cybersecurity (BACS) program.]
As part of my BACS internship with SANS, I set up and maintained a DShield honeypot instance using a physical Raspberry Pi device. As I was putting together each of my attack observations that were due, I started to wonder how helpful AI would be. One of the things I wanted to do when I started the internship was to step outside of my comfort zone. While I have read a lot about AI, I have only used it a handful of times. So, I wondered if it would lead me astray? Would it provide valid actionable data?
In this blog post, I will explore how accurate and helpful ChatGPT is with identifying one of the more unique attacks I saw over the past few months.
To set the stage, I first noticed this attack after running the cowrieprocessor script on my honeypot. The attack occurred on 2025-04-20 and came from IP address ... . The total attack occurred over a duration of 62.83 seconds. According to AbuseIPDB, the IP has been reported 300 times, and it has been marked with a 100% confidence of abuse. This IP has been busy in the world. Along with this basic data, the following commands were captured being run on the honeypot ...
Read the full entry: https://isc.sans.edu/diary/Guest+Diary+Exploring+a+Use+Case+of+Artificial+Intelligence+Assistance+with+Understanding+an+Attack/31980/
SVG Steganography
Published: 2025-05-26
Last Updated: 2025-05-26 16:31:33 UTC
by Johannes Ullrich (Version: 1)
Didier recently published several diaries related to steganography. I have to admit that steganography isn't exactly my favorite topic. It is one of those "neat" infosec toys, but its applicability is limited. Data exfiltration usually does not require proper steganography, but just appending data to an image will usually work just fine.
On the other hand, it looks like the kids still like and enjoy diaries about steganography. For one of my recent podcasts, a viewer left a message asking about the use of SVG images for steganography, to avoid some of the loss issues with compressed image formats. Image formats break down into two basic types: Bitmap and vector image formats. Most images you see are bitmap or pixel-based. These formats tend to be easier to create and display. However, they have the disadvantage of not being able to scale up, and the image size can become quite large, which in turn requires compression. While there are some commonly used lossless compression formats, many image formats accept some loss in detail to enhance compression. Steganography takes advantage of similar colors being indistinguishable from each other. However, the same issue is used by compression algorithms. Neighboring pixels with similar colors are often approximated by changing them all to the same color, simplifying compression.
The images below use JPEG compression. The "uncompressed" version on the left is 130kBytes, while the compressed version is around 23kBytes. For a quick glance, the images are identical, but if you zoom in a bit, you will probably see the "blockiness" of the compressed image caused by adjusting the colors. This compression would wipe out any steganography message ...
Read the full entry: https://isc.sans.edu/diary/SVG+Steganography/31978/
Securing Your SSH authorized_keys File
Published: 2025-05-27
Last Updated: 2025-05-27 15:44:43 UTC
by Johannes Ullrich (Version: 1)
This is nothing "amazingly new", but more of a reminder to secure your "authorized_keys" file for SSH. One of the first things I see even simple bots do to obtain persistent access to a UNIX system is to add a key to the authorized_keys file of whatever account they are compromising.
So here are a few things you can do to make your "authorized_keys" file more secure:
authorized_keys file location
The default location is .ssh/authorized_keys and .ssh/authorized_keys2. Make sure to specify a location (default is fine, but more later). One file is fine. The "authorized_keys2" file was used back in the day to retain backward compatibility with older SSH versions. Most importantly, you want to control the location of the file, and for the later discussion, we are going to assume the default location.
File Permissions
This is probably the easiest change you can make. By default, most systems set the permissions to "0600" and make the file owned by the user. This looks "ok" at first as only the user has read/write access. But in this case, we try to prevent someone who compromised the user's credentials from modifying the file. A better option is to make sure the file is owned by root and set to read-only (0444). The user must still be able to read the file, so 0400 will not work if the file is owned by root. Next, you may also set the "immutable" flag. It does not offer a ton of extra security, as the attacker has to be root anyway, but it offers some more detection capabilities ...
Read the full entry: https://isc.sans.edu/diary/Securing+Your+SSH+authorizedkeys+File/31986/
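A shell audit for the checks the excerpt above describes (root ownership, mode 0444, immutable flag), as an added example that is not from the diary. The function names and the extra parent-directory check are assumptions of this example, and the demo key line is constructed.

```shell
#!/bin/sh
# Added example (not from the diary): audit authorized_keys files against
# the ownership, mode and immutable-flag advice in the excerpt above.

# Print "<uid> <octal mode>" using GNU stat, or BSD stat as a fallback.
file_uid_mode() {
    if stat -c '%u' / >/dev/null 2>&1; then
        stat -c '%u %a' "$1"
    else
        stat -f '%u %Lp' "$1"
    fi
}

# Print one finding per line for the file named in $1.
audit_authorized_keys() {
    f=$1
    if [ ! -e "$f" ]; then
        echo "missing: $f"
        return 0
    fi
    um=$(file_uid_mode "$f") || { echo "$f: cannot stat"; return 0; }
    uid=${um% *}
    mode=${um#* }

    # The diary's advice: owned by root and read-only for everyone (0444).
    [ "$uid" = "0" ] || echo "$f: file owner uid=$uid (expected 0, root)"
    [ "$mode" = "444" ] || echo "$f: mode=$mode (expected 444)"

    # Immutable flag: lsattr prints the flag string first, 'i' = immutable.
    flags=$(lsattr -d "$f" 2>/dev/null | awk '{print $1}')
    case "$flags" in
        "")  echo "$f: immutable flag unknown (no lsattr or unsupported filesystem)" ;;
        *i*) ;;
        *)   echo "$f: immutable flag not set" ;;
    esac

    # Assumption of this example, beyond the excerpt: whoever owns the
    # directory can rename or delete a root-owned file inside it, so a
    # user-owned .ssh weakens the root-owned file unless it is immutable.
    dum=$(file_uid_mode "$(dirname "$f")") || return 0
    duid=${dum% *}
    [ "$duid" = "0" ] || echo "$f: directory uid=$duid can rename or delete the file unless it is immutable"
    return 0
}

# Demo on a constructed file with the common default mode 0600.
demo() {
    d=$(mktemp -d) || return 1
    printf 'ssh-ed25519 CONSTRUCTED-NOT-A-REAL-KEY demo@example\n' > "$d/authorized_keys"
    chmod 0600 "$d/authorized_keys"
    audit_authorized_keys "$d/authorized_keys"
    rm -rf "$d"
}

# Audit every path given on the command line, or run the demo.
if [ "$#" -gt 0 ]; then
    for p in "$@"; do
        audit_authorized_keys "$p"
    done
else
    demo
fi
```

Run it as root on a schedule with each account's authorized_keys path as an argument, and alert on any output.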
Resilient Secure Backup Connectivity for SMB/Home Users (2025.05.22)
https://isc.sans.edu/diary/Resilient+Secure+Backup+Connectivity+for+SMBHome+Users/31972/
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
Product: Multiple Fortinet products
CVSS Score: 0
** KEV since 2025-05-14 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32756
ISC Podcast: https://isc.sans.edu/podcastdetail/9466
Product: Meteobridge web interface
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4008
ISC Podcast: https://isc.sans.edu/podcastdetail/9468
NVD References:
- https://forum.meteohub.de/viewtopic.php?t=18687
- https://www.onekey.com/resource/security-advisory-remote-command-execution-on-smartbedded-meteobridge-cve-2025-4008
Product: Samlify Node.js library for SAML single sign-on
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47949
ISC Podcast: https://isc.sans.edu/podcastdetail/9464
Product: Netgear DGND3700
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4978
NVD References:
- https://github.com/at0de/my_vulns/blob/main/Netgear/DGND3700v2/backdoor.md
Product: Schweitzer Engineering Laboratories Software-Defined Network Flow Controller
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48017
NVD References: https://selinc.com/products/software/latest-software-versions/
Product: D-Link DI-8100
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44083
NVD References: https://github.com/piposy/IOTsec/blob/main/Dlink/DI8100/DI8100-A1-1.md
Product: D-Link DI-8100
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44084
NVD References: https://github.com/piposy/IOTsec/blob/main/Dlink/DI8100/DI8100-A1-2.md
Product: Langroid TableChatAgent
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-46724
NVD References:
- https://github.com/langroid/langroid/commit/0d9e4a7bb3ae2eef8d38f2e970ff916599a2b2a6
- https://github.com/langroid/langroid/security/advisories/GHSA-jqq5-wc57-f8hj
Product: vLLM PyNcclPipe
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47277
NVD References:
- https://docs.vllm.ai/en/latest/deployment/security.html
- https://github.com/vllm-project/vllm/security/advisories/GHSA-hjq4-87xh-g4fv
Product: Wavlink WL-WN579A3
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44880
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44881
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44882
NVD References:
Product: FW WGS-804HPT
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44883
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44884
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44885
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44886
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44887
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44888
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44889
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44890
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44891
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44893
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44894
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44896
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44897
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-44898
NVD References:
- https://lafdrew.github.io/2025/04/20/web-tacplus-serverEdit-post-tacIp/
- https://lafdrew.github.io/2025/04/20/web-sys-infoContact-post-contact/
- https://lafdrew.github.io/2025/04/20/web-snmpv3-remote-engineId-add-post-remote-ip/
- https://lafdrew.github.io/2025/04/20/web-acl-mgmt-Rules-Edit-post-ruleEditName/
- https://lafdrew.github.io/2025/04/20/web-radiusSrv-post-radIp/
- https://lafdrew.github.io/2025/04/20/web-stp-globalSetting-post-stp-conf-name/
- https://lafdrew.github.io/2025/04/20/web-snmp-notifyv3-add-post-host-ip/
- https://lafdrew.github.io/2025/04/20/web-snmp-v3host-add-post-host-ip/
- https://lafdrew.github.io/2025/04/20/web-acl-mgmt-Rules-Apply-post-ruleName/
- https://lafdrew.github.io/2025/04/20/web-radiusSrv-dftParam-post-radDftParamKey/
- https://lafdrew.github.io/2025/04/18/web-acl-bindEdit-post-bindEditMACName-StackOverflow/
- https://lafdrew.github.io/2025/04/20/web-tool-upgradeManager-post-tftp-srvip/
- https://lafdrew.github.io/2025/04/18/web-aaa-loginAuthlistEdit-get-authName-StackOverflow/
Product: Spring Security
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-41232
NVD References: http://spring.io/security/cve-2025-41232
Product: TYPO3 sr_feuser_register extension
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48200
NVD References: https://typo3.org/security/advisory/typo3-ext-sa-2025-008
Product: IEEE P802.11-REVme
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27558
NVD References: https://github.com/vanhoefm/fragattacks-survey-public/blob/main/README.md
Product: AutomationDirect MB-Gateway embedded web server
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-36535
NVD References:
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-140-09
Product: Vertiv products
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-41426
NVD References:
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-140-10
- https://www.vertiv.com/en-us/support/security-support-center/
Product: Vertiv Webserver Functions
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-46412
NVD References:
- https://www.cisa.gov/news-events/ics-advisories/icsa-25-140-10
- https://www.vertiv.com/en-us/support/security-support-center/
Product: Infoblox NETMRI
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32814
NVD References: https://support.infoblox.com/s/article/Infoblox-NetMRI-is-vulnerable-to-CVE-2025-32814
Product: Ocuco Innovation INNOVASERVICEINTF.EXE, REPORTSERVER.EXE, INVCLIENT.EXE, and REPORTS.EXE
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41195
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41196
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41197
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41198
NVD References: https://gist.githubusercontent.com/john0x186/1d9cc7fcc8386480d2bdaa9fdcfa914b/raw/d2d3d74ccaa939127ee2b03139061509a7dd238c/full-disclosure.md
Product: Multiple WSO2 products
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-6914
NVD References: https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3561/
Product: Mobile Dynamix PrinterShare Mobile Print
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-5098
NVD References: https://korelogic.com/Resources/Advisories/KL-001-2025-003.txt
Product: Mobile Dynamix PrinterShare Mobile Print
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-5099
NVD References: https://korelogic.com/Resources/Advisories/KL-001-2025-004.txt
Product: Zohocorp ManageEngine ADAudit Plus
CVSS Score: 8.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-36527
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-41407
ISC Podcast: https://isc.sans.edu/podcastdetail/9468
NVD References:
- https://www.manageengine.com/products/active-directory-audit/cve-2025-36527.html
- https://www.manageengine.com/products/active-directory-audit/cve-2025-41407.html
Product: Phpgurukul Restaurant Table Booking System
CVSS Score: 9.8
Product: Canon Multifunction Printers
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-2146
NVD References:
- https://canon.jp/support/support-info/250127vulnerability-response
- https://psirt.canon/advisory-information/cp2025-001/
- https://www.canon-europe.com/support/product-security/#news
Product: Apache NuttX RTOS Bluetooth Stack
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-35003
NVD References:
- https://github.com/apache/nuttx/pull/16179
- https://lists.apache.org/thread/k4xzz3jhkx48zxw9vwmqrmm4hmg78vsj
Product: openSUSE Tumbleweed cyrus-imapd
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-23394
NVD References: https://bugzilla.suse.com/show_bug.cgi?id=CVE-2025-23394
Product: vBulletin 5.0.0 through 5.7.5 and 6.0.0 through 6.0.3
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48827
NVD References:
- https://karmainsecurity.com/dont-call-that-protected-method-vbulletin-rce
- https://kevintel.com/CVE-2025-48827
- https://blog.kevintel.com/vbulletin-replaceadtemplate-kev/
CVE-2025-48828 - vBulletin versions are vulnerable to arbitrary PHP code execution through Template Conditionals abuse, allowing attackers to bypass security checks and execute code in an alternative function syntax.
Product: vBulletin Certain vBulletin versions
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48828
NVD References:
- https://karmainsecurity.com/dont-call-that-protected-method-vbulletin-rce
- https://kevintel.com/CVE-2025-48828
- https://blog.kevintel.com/vbulletin-replaceadtemplate-kev/
CVE-2025-41651 - The vulnerable product allows unauthenticated remote attackers to execute arbitrary commands and potentially compromise the entire system by exploiting missing authentication on a critical function.
Product: Weidmueller Industrial ethernet switches
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-41651
NVD References: https://certvde.com/en/advisories/VDE-2025-044/
CVE-2025-41652 - The vulnerable product is at risk of authentication bypass from flaws in the authorization mechanism, allowing unauthenticated remote attackers to compromise the device through brute-force attacks or MD5 collision techniques.
Product: Weidmueller Industrial ethernet switches
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-41652
NVD References: https://certvde.com/en/advisories/VDE-2025-044/
CVE-2025-32440 - NetAlertX allows attackers to bypass authentication and trigger sensitive functions by sending crafted requests to /index.php prior to version 25.4.14.
Product: NetAlertX
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-32440
NVD References:
- https://github.com/jokob-sk/NetAlertX/releases/tag/v25.4.14
- https://github.com/jokob-sk/NetAlertX/security/advisories/GHSA-h4x5-vr54-vjrx
CVE-2025-47934 - OpenPGP.js is vulnerable to a flaw where a maliciously modified message can be passed to either `openpgp.verify` or `openpgp.decrypt`, causing these functions to return a valid signature verification result while returning data that was not actually signed.
Product: OpenPGP.js OpenPGP protocol
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47934
ISC Podcast: https://isc.sans.edu/podcastdetail/9460
CVE-2025-4322 - The Motors theme for WordPress is vulnerable to privilege escalation through account takeover, allowing unauthenticated attackers to change user passwords and gain administrative access.
Product: WordPress Motors theme
Active Installations: Update to version 5.6.68, or a newer patched version
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4322
NVD References:
- http://themeforest.net/item/motors-car-dealership-wordpress-theme/13987211
- https://www.wordfence.com/threat-intel/vulnerabilities/id/61820ca5-5548-4155-b350-df3db1bc1661?source=cve
CVE-2025-4094 - The DIGITS WordPress Mobile Number Signup and Login plugin before 8.4.6.1 allows attackers to easily bruteforce OTP validation attempts due to lack of rate limiting.
Product: DIGITS WordPress Mobile Number Signup and Login WordPress plugin
Active Installations: Unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4094
NVD References: https://wpscan.com/vulnerability/b5f0a263-644b-4954-a1f0-d08e2149edbb/
CVE-2025-4524 - The Madara WordPress theme is vulnerable to Local File Inclusion in versions up to 2.2.2, allowing unauthenticated attackers to execute arbitrary files on the server.
Product: Madara Responsive and modern WordPress theme for manga sites
Active Installations: Update to version 2.2.2.1, or a newer patched version
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4524
NVD References:
- https://mangabooth.com/product/wp-manga-theme-madara/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/a3ee01da-218a-421d-8f9c-1dc6c056ef74?source=cve
CVE-2025-31049 - Deserialization of Untrusted Data vulnerability in themeton Dash allows Object Injection. This issue affects Dash: from n/a through 1.3.
Product: Themeton Dash
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-31049
NVD References: https://patchstack.com/database/wordpress/theme/dash/vulnerability/wordpress-dash-1-3-php-object-injection-vulnerability?_s_id=cve
CVE-2025-31056 - WhatsCart - Whatsapp Abandoned Cart Recovery, Order Notifications, Chat Box, OTP for WooCommerce is vulnerable to SQL Injection from n/a through 1.1.0.
Product: Techspawn WhatsCart - Whatsapp Abandoned Cart Recovery, Order Notifications, Chat Box, OTP for WooCommerce
Active Installations: unknown
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-31056
NVD References: https://patchstack.com/database/wordpress/plugin/whatscart-for-woocommerce/vulnerability/wordpress-whatscart-plugin-1-1-0-sql-injection-vulnerability?_s_id=cve
CVE-2025-31069 - HotStar – Multi-Purpose Business Theme is vulnerable to object injection via deserialization of untrusted data from versions n/a through 1.4.
Product: themeton HotStar – Multi-Purpose Business Theme
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-31069
NVD References: https://patchstack.com/database/wordpress/theme/hotstar/vulnerability/wordpress-hotstar-multi-purpose-business-theme-1-4-php-object-injection-vulnerability?_s_id=cve
Product: SmartCMS Bus Ticket Booking with Seat Reservation for WooCommerce
Active Installations: 1,000+
CVSS Score: 9.3
Product: AncoraThemes Umberto
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-31423
NVD References: https://patchstack.com/database/wordpress/theme/umberto/vulnerability/wordpress-umberto-1-2-8-php-object-injection-vulnerability?_s_id=cve
Product: themeton The Business
Active Installations: unknown
CVSS Score: 9.8
Product: AncoraThemes Fish House
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-31631
NVD References: https://patchstack.com/database/wordpress/theme/fish-house/vulnerability/wordpress-fish-house-1-2-7-php-object-injection-vulnerability?_s_id=cve
Product: kamleshyadav Pixel WordPress Form BuilderPlugin & Autoresponder
Active Installations: unknown
CVSS Score: 9.3
Product: joy2012bd JP Students Result Management System Premium
Active Installations: unknown
CVSS Score: 9.0
Product: QuantumCloud Simple Business Directory Pro
Active Installations: unknown
CVSS Score: 9.8
Product: themeton Acerola
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-31927
NVD References: https://patchstack.com/database/wordpress/theme/acerola/vulnerability/wordpress-acerola-1-6-5-php-object-injection-vulnerability?_s_id=cve
Product: AncoraThemes Jarvis – Night Club, Concert, Festival WordPress
Active Installations: unknown
CVSS Score: 9.8
Product: ThemeMakers Car Dealer
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-39480
NVD References: https://patchstack.com/database/wordpress/theme/cardealer/vulnerability/wordpress-car-dealer-1-6-6-php-object-injection-vulnerability?_s_id=cve
Product: ThemeGoods Grand Tour | Travel Agency WordPress
Active Installations: unknown
CVSS Score: 9.8
Product: pebas CouponXL
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-39489
NVD References: https://patchstack.com/database/wordpress/theme/couponxl/vulnerability/wordpress-couponxl-4-5-0-privilege-escalation-vulnerability?_s_id=cve
Product: BoldThemes Avantage
Active Installations: unknown
CVSS Score: 9.8
Product: BoldThemes Medicare
Active Installations: unknown
CVSS Score: 9.8
Product: Goodlayers Hostel
Active Installations: unknown
CVSS Score: 9.8
Product: Goodlayers Hostel
Active Installations: unknown
CVSS Score: 9.3
Product: Goodlayers Hotel
Active Installations: unknown
CVSS Score: 9.8
Product: GoodLayers GoodLayers Hotel
Active Installations: unknown
CVSS Score: 9.3
Product: IndigoThemes WP HRM LITE
Active Installations: This plugin has been closed as of April 24, 2025 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.3
Product: Detheme Easy Guide
Active Installations: unknown
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-46460
NVD References: https://patchstack.com/database/wordpress/plugin/wp-easy-guide/vulnerability/wordpress-easy-guide-1-0-0-sql-injection-vulnerability?_s_id=cve
Product: WPFable Fable Extra
Active Installations: 1,000+
CVSS Score: 9.8
Product: WPFable Fable Extra
Active Installations: 1,000+
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-46539
NVD References: https://patchstack.com/database/wordpress/plugin/fable-extra/vulnerability/wordpress-fable-extra-1-0-6-sql-injection-vulnerability?_s_id=cve
Product: wordwebsoftware Crossword Compiler Puzzles
Active Installations: 400+
CVSS Score: 9.9
Product: WPFunnels
Active Installations: 8,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47530
NVD References: https://patchstack.com/database/wordpress/plugin/wpfunnels/vulnerability/wordpress-wpfunnels-3-5-18-php-object-injection-vulnerability?_s_id=cve
Product: CoinPayments CoinPayments.net Payment Gateway for WooCommerce
Active Installations: 2,000+
CVSS Score: 9.8
Product: Themewinter Eventin
Active Installations: 10,000+
CVSS Score: 9.8
Product: ZoomIt ZoomSounds
Active Installations: unknown
CVSS Score: 9.8
Product: Facturante
Active Installations: This plugin hasn't been tested with the latest 3 major releases of WordPress. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47599
NVD References: https://patchstack.com/database/wordpress/plugin/facturante/vulnerability/wordpress-facturante-1-11-sql-injection-vulnerability?_s_id=cve
Product: STAGGS
Active Installations: 300+
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47637
NVD References: https://patchstack.com/database/wordpress/plugin/staggs/vulnerability/wordpress-staggs-2-10-1-arbitrary-file-upload-vulnerability?_s_id=cve
Product: Printcart Web to Print Product Designer for WooCommerce
Active Installations: 100+
CVSS Score: 9.3
Product: Printcart Web to Print Product Designer for WooCommerce
Active Installations: 100+
CVSS Score: 10.0
Product: Ajar Productions Ajar in5 Embed
Active Installations: 300+
CVSS Score: 10.0
Product: Gilblas Ngunte Possi PSW Front-end Login & Registration
Active Installations: 90+
CVSS Score: 9.8
Product: ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System
Active Installations: 400+
CVSS Score: 9.9
Product: mojoomla Hospital Management System
Active Installations: unknown
CVSS Score: 9.9
Product: StoreKeeper B.V. StoreKeeper for WooCommerce
Active Installations: 50+
CVSS Score: 10.0
Product: Majestic Support
Active Installations: 3,000+
CVSS Score: 9.3
Product: Pagaleve Pix 4x sem juros
Active Installations: 100+
CVSS Score: 9.8
Product: AncoraThemes Kids Planet
Active Installations: unknown
CVSS Score: 9.8
Product: eMagicOne Store Manager for WooCommerce plugin
Active Installations: This plugin has been closed as of May 21, 2025 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4603
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/242ad00b-3602-4988-ab7a-76fba2e9d4cf?source=cve
Product: eMagicOne Store Manager for WooCommerce plugin
Active Installations: This plugin has been closed as of May 21, 2025 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-5058
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/8a00ece0-6644-4535-86aa-d0802d94a1a7?source=cve