Internet Storm Center Spotlight


ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

Microsoft Patch Tuesday, July 2025

Published: 2025-07-08

Last Updated: 2025-07-08 18:24:33 UTC

by Johannes Ullrich (Version: 1)

Today, Microsoft released patches for 130 Microsoft vulnerabilities and 9 additional vulnerabilities not part of Microsoft's portfolio but distributed by Microsoft. 14 of these are rated critical. Only one of the vulnerabilities was disclosed before being patched, and none of the vulnerabilities have so far been exploited.

Noteworthy Vulnerabilities:

CVE-2025-49695 and CVE-2025-49696: Both vulnerabilities affect Microsoft Office, are rated critical, and are considered "more likely" to be exploited by Microsoft. These issues do not require user interaction, so the user does not need to open a document. The exploit could be triggered via the preview pane. Macs are affected as well, but a patch is currently only available for Windows.

- https://nvd.nist.gov/vuln/detail/CVE-2025-49695

- https://nvd.nist.gov/vuln/detail/CVE-2025-49696

CVE-2025-49719: This vulnerability has already been made public. It allows information disclosure on a Microsoft SQL Server. To remediate it, you must update the OLE DB Driver.

- https://nvd.nist.gov/vuln/detail/CVE-2025-49719

CVE-2025-49717: Exploitation is considered less likely for this vulnerability. But if exploited, it would allow code execution via a Microsoft SQL Server. Take this as additional motivation not to expose SQL servers.

- https://nvd.nist.gov/vuln/detail/CVE-2025-49717

CVE-2025-49704: I consider this vulnerability interesting as it appears to allow command/code injection in SharePoint. However, an attacker has to be authenticated to take advantage of this vulnerability.

- https://nvd.nist.gov/vuln/detail/CVE-2025-49704

Read the full entry: https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+July+2025/32088/

Internet Storm Center Entries


What's My (File)Name? (2025.07.07)

https://isc.sans.edu/diary/Whats+My+FileName/32084/

A few interesting and notable ssh/telnet usernames (2025.07.06)

https://isc.sans.edu/diary/A+few+interesting+and+notable+sshtelnet+usernames/32080/

Recent CVEs


The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.

CVE-2024-8963 - Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to access restricted functionality.

Product: Ivanti CSA

CVSS Score: 0

** KEV since 2024-09-19 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8963

ISC Podcast: https://isc.sans.edu/podcastdetail/9516

CVE-2024-9380 - Ivanti CSA before version 5.0.2 is vulnerable to OS command injection in the admin web console, enabling a remote authenticated attacker to execute remote code with admin privileges.

Product: Ivanti CSA

CVSS Score: 0

** KEV since 2024-10-09 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9380

ISC Podcast: https://isc.sans.edu/podcastdetail/9516

CVE-2025-47981 - Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network.

Product: Microsoft Windows SPNEGO Extended Negotiation

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47981

ISC Diary: https://isc.sans.edu/diary/32088

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47981

CVE-2025-5777 - Insufficient input validation leading to memory overread on the NetScaler Management Interface of NetScaler ADC and NetScaler Gateway.

Product: NetScaler ADC and NetScaler Gateway

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-5777

ISC Podcast: https://isc.sans.edu/podcastdetail/9514

CVE-2025-53095 - Sunshine is vulnerable to Cross-Site Request Forgery attacks prior to version 2025.628.4510, allowing an attacker to execute arbitrary commands with Administrator privileges.

Product: Sunshine Moonlight

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-53095

NVD References: https://github.com/LizardByte/Sunshine/security/advisories/GHSA-39hj-fxvw-758m

CVE-2025-41648 - IndustrialPI is vulnerable to remote attackers bypassing login and accessing and changing all device settings.

Product: IndustrialPI web application

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-41648

NVD References: https://certvde.com/en/advisories/VDE-2025-039

CVE-2025-41656 - Node-RED has an unauthenticated remote code execution vulnerability due to lack of default authentication configuration.

Product: Node-RED server

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-41656

NVD References: https://certvde.com/en/advisories/VDE-2025-045

CVE-2025-45872 - zrlog v3.1.5 was discovered to contain a Server-Side Request Forgery (SSRF) via the downloadUrl parameter.

Product: zrlog v3.1.5

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-45872

CVE-2025-37099 - A remote code execution vulnerability exists in HPE Insight Remote Support (IRS) prior to v7.15.0.646.

Product: HPE Insight Remote Support

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-37099

NVD References: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04878en_us&docLocale=en_US

CVE-2025-37103 - HPE Networking Instant On Access Points contain hard-coded login credentials, enabling unauthorized access and potential administrative control by remote attackers.

Product: HPE Networking Instant On Access Points

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-37103

NVD References: https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04894en_us&docLocale=en_US

CVE-2025-53104 - gluestack-ui had a command injection vulnerability in the discussion-to-slack.yml GitHub Actions workflow prior to commit e6b4271.

Product: NativeWind gluestack-ui

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-53104

NVD References: https://github.com/gluestack/gluestack-ui/security/advisories/GHSA-432r-9455-7f9x

CVE-2025-45006 - Open-Source RISC-V Processor commit f517abb may enable physical memory access attacks due to improper retention of non-zero mstatus.SUM bit violating privileged spec constraints.

Product: Open-Source RISC-V Processor commit f517abb

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-45006

CVE-2025-52101 - Linjiashop versions less than 0.9 are vulnerable to Incorrect Access Control, allowing attackers to bypass authentication and access encrypted passwords and salts through brute-force cracking.

Product: linjiashop

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-52101

CVE-2025-20309 - Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) have a vulnerability that allows an unauthenticated, remote attacker to log in to affected devices using default, static credentials for the root account.

Product: Cisco Unified Communications Manager

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-20309

NVD References: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-ssh-m4UBdpE7

CVE-2025-45814 - NS3000 v8.1.1.125110, v7.2.8.124852, and v7.x and NS2000 v7.02.08 are vulnerable to session hijacking due to missing authentication checks in the query.fcgi endpoint.

Product: NetScaler NS2000

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-45814

CVE-2025-45813 - ENENSYS IPGuard v2 2.10.0 was discovered to contain hardcoded credentials.

Product: ENENSYS IPGuard

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-45813

CVE-2025-53599 - Whale browser for iOS before 3.9.1.4206 is vulnerable to malicious script execution through a crafted javascript scheme.

Product: Whale browser for iOS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-53599

CVE-2025-53484 - Mediawiki - SecurePoll extension allows attackers to inject JavaScript and compromise user sessions by not properly escaping user-controlled inputs in VotePage.php (poll option input), ResultPage::getPagesTab(), and getErrorsTab().

Product: Mediawiki SecurePoll extension

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-53484

CVE-2025-53495 and CVE-2025-53499 - The Mediawiki AbuseFilter extension from the Wikimedia Foundation allows unauthorized access due to a missing authorization vulnerability.

Product: Mediawiki - AbuseFilter Extension

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-53495

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-53499

CVE-2025-48952 - NetAlertX is susceptible to an authentication bypass vulnerability in versions prior to 25.6.7, allowing users to bypass password verification using SHA-256 magic hashes.

Product: NetAlertX presence scanner

CVSS Score: 9.4

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48952

CVE-2025-26850 - Quest KACE Systems Management Appliance (SMA) before 14.0.97 and 14.1.x before 14.1.19 allows privilege escalation on managed systems.

Product: Quest KACE Systems Management Appliance (SMA)

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26850

CVE-2025-41672 - The vulnerable product allows a remote unauthenticated attacker to gain full access by using default certificates to generate JWT Tokens.

Product: Honeywell Enterprise Building Integrator (EBI)

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-41672

NVD References: https://cert.vde.com/en/advisories/VDE-2025-057

NVD References: https://wago.csaf-tp.certvde.com/.well-known/csaf/white/2025/vde-2025-057.json

CVE-2025-3626 - Frauscher Sensortechnik FDS101, FDS-SNMP101 and FDS102 for FAdC/FAdCi R2 and all previous versions are vulnerable to OS Command Injection via malicious configuration file.

Product: Frauscher Sensortechnik FDS101, FDS-SNMP101 and FDS102 for FAdC/FAdCi R2

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-3626

NVD References: https://certvde.com/en/advisories/VDE-2025-030

CVE-2025-43930 - Hashview 0.8.1 is vulnerable to account takeover through the password reset feature due to a lack of configuration for SERVER_NAME, allowing resets based on the Host HTTP header.

Product: Hashview 0.8.1

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43930

CVE-2025-43931 - Flask-boilerplate through a170e7c is vulnerable to account takeover via password reset due to unconfigured SERVER_NAME allowing an attacker to manipulate the Host HTTP header.

Product: Flask-Boilerplate

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43931

NVD References: https://gist.github.com/BrookeYangRui/19fcc6c19df7bb4d8437476c609a6129

CVE-2025-43932 - JobCenter is vulnerable to account takeover through the password reset feature due to SERVER_NAME not being configured, allowing a reset based on the Host HTTP header.

Product: JobCenter 7e7b0b2

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43932

CVE-2025-43933 - fblog is vulnerable to an account takeover through password reset due to missing SERVER_NAME configuration allowing a reset based on the Host HTTP header.

Product: fblog 983bede

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43933

CVE-2025-45065 - Employee record management system in php and mysql v1 contains a SQL injection vulnerability via the loginerms.php endpoint.

Product: PHP employee record management system

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-45065

CVE-2025-45479 - Educoder challenges v1.0 has insufficient security mechanisms in containers, allowing attackers to execute arbitrary code by injecting crafted content.

Product: Educoder challenges v1.0

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-45479

CVE-2025-47202 - Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400 are vulnerable to out-of-bounds writes due to a lack of length check in RRC.

Product: Samsung Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47202

NVD References: https://semiconductor.samsung.com/support/quality-support/product-security-updates/cve-2025-47202/

CVE-2024-25176 - LuaJIT through 2.1 has a stack-buffer-overflow in lj_strfmt_wfnum in lj_strfmt_num.c.

Product: LuaJIT

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-25176

CVE-2024-25178 - LuaJIT through 2.1 has an out-of-bounds read in the stack-overflow handler in lj_state.c.

Product: LuaJIT

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-25178

CVE-2025-53529 - WeGIA is vulnerable to an SQL Injection in profile_funcionario.php, allowing unauthenticated attackers to inject SQL commands.

Product: WeGIA web manager for charitable institutions

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-53529

CVE-2025-42963 - SAP NetWeaver Application server for Java Log Viewer allows authenticated administrators to exploit unsafe Java object deserialization, enabling full operating system compromise and granting attackers complete control over the affected system, severely impacting confidentiality, integrity, and availability.

Product: SAP NetWeaver Application server

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-42963

NVD References: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/july-2025.html

CVE-2025-42964 - SAP NetWeaver Enterprise Portal Administration is vulnerable to content upload attacks that could compromise system security.

Product: SAP NetWeaver Enterprise Portal Administration

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-42964

NVD References: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/july-2025.html

CVE-2025-42966 - SAP NetWeaver XML Data Archiving Service is vulnerable to an insecure Java deserialization issue, potentially enabling an authenticated attacker with administrative privileges to compromise the confidentiality, integrity, and availability of the application.

Product: SAP NetWeaver XML Data Archiving Service

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-42966

NVD References: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/july-2025.html

CVE-2025-42967 - SAP S/4HANA and SAP SCM Characteristic Propagation allows remote code execution, granting attackers full control of the system and compromising the confidentiality, integrity, and availability of the application.

Product: SAP S/4HANA

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-42967

NVD References: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/july-2025.html

CVE-2025-42980 - SAP NetWeaver Enterprise Portal Federated Portal Network is vulnerable to a potential compromise of confidentiality, integrity, and availability when a privileged user uploads untrusted or malicious content.

Product: SAP NetWeaver Enterprise Portal

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-42980

NVD References: https://support.sap.com/en/my-support/knowledge-base/security-notes-news/july-2025.html

CVE-2025-20680 through CVE-2025-20684 - Multiple out-of-bounds write vulnerabilities.

Product: MediaTek Smartphone, Tablet, AIoT, Smart display, Smart platform, OTT, Computer Vision, Audio, and TV chipsets

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-20680

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-20681

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-20682

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-20683

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-20684

NVD References: https://corp.mediatek.com/product-security-bulletin/July-2025

CVE-2025-25270 - Phoenix Contact CHARX SEC-3xxx charging controllers are vulnerable to remote code execution as root due to unauthorized configuration alterations by a remote attacker.

Product: CHARX SEC-3xxx charging controllers

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-25270

NVD References: https://certvde.com/de/advisories/VDE-2025-019

CVE-2025-40736 - SINEC NMS (All versions < V4.0) allows unauthorized modification of administrative credentials, potentially granting full control to unauthenticated attackers.

Product: Siemens SINEC NMS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-40736

NVD References: https://cert-portal.siemens.com/productcert/html/ssa-078892.html

CVE-2025-21450 - Cryptographic issue occurs due to use of insecure connection method while downloading.

Product: Qualcomm

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21450

NVD References: https://docs.qualcomm.com/product/publicresources/securitybulletin/july-2025-bulletin.html

CVE-2025-49695 - Use after free in Microsoft Office allows an unauthorized attacker to execute code locally.

Product: Microsoft Office

CVSS Score: 8.4

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49695

ISC Diary: https://isc.sans.edu/diary/32088

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49695

CVE-2025-49696 - Out-of-bounds read in Microsoft Office allows an unauthorized attacker to execute code locally.

Product: Microsoft Office

CVSS Score: 8.4

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49696

ISC Diary: https://isc.sans.edu/diary/32088

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49696

CVE-2025-49704 - Microsoft Office SharePoint is vulnerable to code injection, allowing attackers to execute code remotely.

Product: Microsoft Office SharePoint

CVSS Score: 8.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49704

ISC Diary: https://isc.sans.edu/diary/32088

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49704

CVE-2025-49717 - Heap-based buffer overflow in SQL Server allows an authorized attacker to execute code over a network.

Product: Microsoft SQL Server

CVSS Score: 8.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49717

ISC Diary: https://isc.sans.edu/diary/32088

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49717

CVE-2025-49719 - Improper input validation in SQL Server allows an unauthorized attacker to disclose information over a network.

Product: Microsoft SQL Server

CVSS Score: 7.5

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49719

ISC Diary: https://isc.sans.edu/diary/32088

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49719

CVE-2025-48384 - Git has a vulnerability that allows for unintentional execution of post-checkout hooks due to a trailing carriage return issue, fixed in versions v2.43.7 and above.

Product: Git

CVSS Score: 8.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48384

ISC Diary: https://isc.sans.edu/diary/32088

NVD References: https://github.com/git/git/security/advisories/GHSA-vwqx-4fm8-6qc9

CVE-2025-48386 - Git has a vulnerability in the wincred credential helper that could lead to buffer overflows; it is fixed in versions v2.43.7, v2.44.4, v2.45.4, v2.46.4, v2.47.3, v2.48.2, v2.49.1, and v2.50.1.

Product: Git wincred credential helper

CVSS Score: 6.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48386

ISC Diary: https://isc.sans.edu/diary/32088

NVD References: https://github.com/git/git/security/advisories/GHSA-4v56-3xvj-xvfr

CVE-2025-49535 - ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an XXE vulnerability allowing for a security feature bypass, leading to potential information disclosure or denial of service attacks.

Product: Adobe ColdFusion

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49535

NVD References: https://helpx.adobe.com/security/products/coldfusion/apsb25-69.html

CVE-2025-27203 - Adobe Connect versions 24.0 and earlier are vulnerable to a Deserialization of Untrusted Data flaw allowing attackers to execute arbitrary code through user interaction.

Product: Adobe Connect

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27203

NVD References: https://helpx.adobe.com/security/products/connect/apsb25-61.html

CVE-2025-49533 - Adobe Experience Manager versions 6.5.23.0 and earlier are vulnerable to arbitrary code execution due to a Deserialization of Untrusted Data flaw, without requiring user interaction.

Product: Adobe Experience Manager (MS)

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49533

NVD References: https://helpx.adobe.com/security/products/aem-forms/apsb25-67.html

CVE-2025-7206 - D-Link DIR-825 2.10 is vulnerable to a critical remote stack-based buffer overflow in its httpd component, allowing for attacks if the Language argument is manipulated, but only affects unsupported products.

Product: D-Link DIR-825

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-7206

CVE-2025-6934 - The Opal Estate Pro plugin for WordPress allows unauthenticated attackers to escalate privileges by bypassing role restrictions during registration.

Product: Opal Estate Pro Property Management and Submission plugin for WordPress

Active Installations: This plugin has been closed as of May 17, 2024 and is not available for download. Reason: Security Issue.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-6934

NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/5d7b75a4-67b4-4347-91a6-dbf98da5ceaf?source=cve

CVE-2025-49029 - bitto.Kazi Custom Login And Signup Widget is vulnerable to Code Injection, allowing attackers to execute malicious code.

Product: bitto Kazi Custom Login And Signup Widget

Active Installations: unknown

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49029

NVD References: https://patchstack.com/database/wordpress/plugin/custom-login-and-signup-widget/vulnerability/wordpress-custom-login-and-signup-widget-plugin-1-0-arbitrary-code-execution-vulnerability?_s_id=cve

CVE-2025-4689 - The Ads Pro Plugin for WordPress is vulnerable to Local File Inclusion and SQL Injection, enabling unauthenticated attackers to execute code on the server and upload image files that can be fetched and executed as PHP code.

Product: Scripteo Ads Pro

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4689

NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/038ddfcd-093b-4234-a0b8-a3bf9a3d329f?source=cve

CVE-2025-5746 - The Drag and Drop Multiple File Upload (Pro) - WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads allowing unauthenticated attackers to potentially execute remote code on the affected site's server.

Product: WooCommerce Drag and Drop Multiple File Upload (Pro)

Active Installations: 6,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-5746

NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/3c1f625e-4456-45e4-8a7f-809b22edb66b?source=cve

CVE-2024-13786 - The education theme for WordPress is vulnerable to PHP Object Injection up to version 3.6.10, allowing unauthenticated attackers to potentially inject a PHP Object via deserialization of untrusted input in the 'themerex_callback_view_more_posts' function.

Product: WordPress Education theme

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13786

NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/d0b27bc8-617a-4f98-954f-e49f87dca311?source=cve

CVE-2025-23968 - AiBud WP allows unrestricted upload of dangerous file types, enabling the potential upload of a web shell and compromising the web server, affecting versions from n/a through 1.8.5.

Product: WPCenter AiBud WP

Active Installations: 4,000+

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-23968

NVD References: https://patchstack.com/database/wordpress/plugin/aibuddy-openai-chatgpt/vulnerability/wordpress-aibud-wp-plugin-1-8-5-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2025-28951 - The CreedAlly Bulk Featured Image plugin allows attackers to upload a web shell to a web server through unrestricted file uploads.

Product: CreedAlly Bulk Featured Image

Active Installations: 900+

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-28951

NVD References: https://patchstack.com/database/wordpress/plugin/bulk-featured-image/vulnerability/wordpress-bulk-featured-image-plugin-1-2-1-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2025-23970 - Service Finder Booking: Incorrect Privilege Assignment vulnerability in aonetheme allows Privilege Escalation from n/a through 6.0.

Product: aonetheme Service Finder Booking

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-23970

NVD References: https://patchstack.com/database/wordpress/plugin/sf-booking/vulnerability/wordpress-service-finder-booking-6-0-privilege-escalation-vulnerability?_s_id=cve

CVE-2025-28983 - Click & Pledge Connect is vulnerable to SQL Injection, leading to Privilege Escalation from version 25.04010101 through WP6.8.

Product: Click & Pledge Connect

Active Installations: 200+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-28983

NVD References: https://patchstack.com/database/wordpress/plugin/click-pledge-connect/vulnerability/wordpress-click-pledge-connect-plugin-25-04010101-wp6-8-privilege-escalation-via-sql-injection-vulnerability?_s_id=cve

CVE-2025-30933 - LogisticsHub version n/a through 1.1.6 allows unrestricted upload of dangerous file types, enabling attackers to upload web shells to the server.

Product: LiquidThemes LogisticsHub

Active Installations: unknown

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30933

NVD References: https://patchstack.com/database/wordpress/theme/logistics-hub/vulnerability/wordpress-logisticshub-1-1-6-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2025-49414 - FW Gallery allows the unrestricted upload of dangerous file types, making it vulnerable to malicious files from n/a through 8.0.0.

Product: Fastw3b LLC FW Gallery

Active Installations: This plugin has been closed as of April 8, 2025 and is not available for download. Reason: Guideline Violation.

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49414

NVD References: https://patchstack.com/database/wordpress/plugin/fw-gallery/vulnerability/wordpress-fw-gallery-8-0-0-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2025-49417 - BestWpDeveloper WooCommerce Product Multi-Action is vulnerable to Object Injection through the deserialization of untrusted data in versions from n/a through 1.3.

Product: BestWpDeveloper WooCommerce Product Multi-Action

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49417

NVD References: https://patchstack.com/database/wordpress/plugin/woo-product-multiaction/vulnerability/wordpress-woocommerce-product-multi-action-1-3-deserialization-of-untrusted-data-vulnerability?_s_id=cve

CVE-2025-49867 - Incorrect Privilege Assignment vulnerability in InspiryThemes RealHomes allows Privilege Escalation. This issue affects RealHomes: from n/a through 4.4.0.

Product: InspiryThemes RealHomes

Active Installations: unknown

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49867

NVD References: https://patchstack.com/database/wordpress/theme/realhomes/vulnerability/wordpress-realhomes-4-4-0-privilege-escalation-vulnerability?_s_id=cve

CVE-2025-52831 - Video List Manager is vulnerable to SQL Injection from version n/a through 1.7, allowing attackers to manipulate SQL commands.

Product: thanhtungtnt Video List Manager

Active Installations: unknown

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-52831

NVD References: https://patchstack.com/database/wordpress/plugin/video-list-manager/vulnerability/wordpress-video-list-manager-1-7-sql-injection-vulnerability?_s_id=cve

CVE-2025-52832 - NGG Smart Image Search allows SQL Injection via improper neutralization of special elements in SQL commands, affecting versions up to 3.4.1.

Product: wpo-HR NGG Smart Image Search

Active Installations: 500+

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-52832

NVD References: https://patchstack.com/database/wordpress/plugin/ngg-smart-image-search/vulnerability/wordpress-ngg-smart-image-search-3-4-1-sql-injection-vulnerability?_s_id=cve

CVE-2025-4828 - The Support Board plugin for WordPress is vulnerable to arbitrary file deletion, allowing attackers to delete files on the server and potentially execute remote code.

Product: WordPress Support Board plugin

Active Installations: 200+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4828

NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/33989611-8640-4c33-a34e-14f10cd7286d?source=cve

CVE-2025-4855 - The Support Board plugin for WordPress is susceptible to unauthorized data access and manipulation due to hardcoded default secrets, potentially allowing unauthenticated attackers to execute arbitrary actions and exploit CVE-2025-4828.

Product: WordPress Support Board plugin

Active Installations: 200+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4855

NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/afd48bc8-d490-4a3e-97fc-70cf008cbf66?source=cve