Internet Storm Center Spotlight

ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

ModelScan - Protection Against Model Serialization Attacks

Published: 2025-02-17

Last Updated: 2025-02-18 00:37:10 UTC

by Russ McRee (Version: 1)

Protect AI’s OSS portfolio includes tools aimed at improving security of AI/ML software. These tools are meant for a wide range of engineering, security and ML practitioners including developers, security engineers/researchers, ML engineers, LLM engineers and prompt engineers, and data scientists.

Of particular interest in light of model serialization attacks is ModelScan.

Headlines as recent as 6 FEB 2025 remind us that the popular Python Pickle serialization format, common for distributing AI models, offers attackers opportunities to inject malicious code that executes when the model is loaded with PyTorch. See Malicious ML models discovered on Hugging Face platform. After training, a model's mathematical representation can be stored in a variety of data serialization formats to be shared and reused without additional training. Pickle is a popular Python module for serializing and deserializing ML model data. While easy to use, Pickle is considered an unsafe data format because it allows Python code to be executed during ML model deserialization.

As you can imagine, even as protective measures are being implemented, safety scanning is still recommended. ModelScan offers such capabilities with ease and convenience. ModelScan is very well documented and includes notebooks to aid experimentation and adoption.

I’ll share my quick setup steps; modify them to your liking and preferences. These assume you’re building from scratch, including Jupyter ...

Read the full entry: https://isc.sans.edu/diary/ModelScan+Protection+Against+Model+Serialization+Attacks/31692/
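To make the scanning point concrete, here is an added example (not from the diary and not ModelScan's own code) that triages a pickle stream statically with pickletools.genops: it walks the opcodes and reports the imports and call sites without ever calling pickle.loads, so nothing in the file can execute during inspection. The allowlist of packages, the denied builtins and the three sample streams are constructed for illustration and are not a real checkpoint or a real policy.

```python
"""Static triage of a pickle stream without deserializing it.

pickletools.genops only decodes opcodes; pickle.loads is never called, so
nothing inside the stream can execute while it is inspected.
"""
import collections
import pickle
import pickletools
import subprocess

# Assumed allowlist of top-level packages a checkpoint may legitimately
# reference (illustrative policy, not ModelScan's rule set).
ALLOWED_PACKAGES = {"builtins", "collections", "numpy", "torch", "_codecs"}

# builtins is allowlisted, but these names hand the unpickler arbitrary code.
DENIED_BUILTINS = {"eval", "exec", "compile", "__import__", "getattr", "open"}

# Opcodes that push string operands, and opcodes that invoke a callable.
STRING_OPS = {"SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
              "STRING", "BINSTRING", "SHORT_BINSTRING"}
CALL_OPS = {"REDUCE", "INST", "OBJ", "NEWOBJ", "NEWOBJ_EX", "BUILD"}


def is_unsafe_global(module: str, name: str) -> bool:
    """Policy decision for one (module, name) import found in the stream."""
    package = module.split(".")[0]
    if package == "builtins":
        return name in DENIED_BUILTINS
    return package not in ALLOWED_PACKAGES


def scan_pickle(data: bytes) -> dict:
    """Walk the opcode stream and report every import and call site.

    Returns all globals referenced, the subset judged unsafe by the policy
    above, the number of call-type opcodes, and an overall verdict.
    """
    recent_strings = []          # operands pushed before a STACK_GLOBAL
    globals_seen = []
    calls = 0
    for op, arg, _pos in pickletools.genops(data):
        if op.name in STRING_OPS:
            recent_strings.append(arg)
        elif op.name == "GLOBAL":
            # Protocol <= 3: operand is "module" and "name" on two text
            # lines, which pickletools returns as one space-joined string.
            module, name = arg.split(" ", 1)
            globals_seen.append((module, name))
        elif op.name == "STACK_GLOBAL":
            # Protocol 4+: module and name are the two most recent string
            # operands (MEMOIZE ops in between carry no argument).
            if len(recent_strings) < 2:
                raise ValueError("malformed STACK_GLOBAL: missing operands")
            globals_seen.append((recent_strings[-2], recent_strings[-1]))
        elif op.name in CALL_OPS:
            calls += 1
    unsafe = [g for g in globals_seen if is_unsafe_global(*g)]
    return {
        "globals": globals_seen,
        "unsafe_globals": unsafe,
        "calls": calls,
        "verdict": "unsafe" if unsafe else "clean",
    }


# Constructed sample streams (not real model files).
BENIGN = pickle.dumps({"weights": [0.1, 0.2], "epoch": 3})
# An allowlisted class: references collections.OrderedDict and uses REDUCE,
# which is the normal shape of a legitimate checkpoint.
ORDERED = pickle.dumps(collections.OrderedDict(a=1))
# A bare reference to a non-allowlisted function. No call opcode follows it,
# so loading would only return the function object, but the scanner flags the
# import itself: any later call opcode in the stream would invoke it.
FLAGGED = pickle.dumps(subprocess.check_output)

if __name__ == "__main__":
    for label, blob in (("benign", BENIGN), ("ordered", ORDERED),
                        ("flagged", FLAGGED)):
        print(label, scan_pickle(blob))
```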

XWorm Cocktail: A Mix of PE data with PowerShell Code

Published: 2025-02-19

Last Updated: 2025-02-19 07:39:49 UTC

by Xavier Mertens (Version: 1)

While hunting, I spent some time trying to deobfuscate a malicious file discovered on VT. It triggered my PowerShell rule. At the end, I found two files that look close together ...

They are identified as “data files,” and their upload names are, respectively, “XClient<.>exe” and “XingCode Unblocker 2025<.>exe". XignCode is anti-cheat software primarily used in online games to prevent cheating, hacking, and the use of unauthorized third-party tools. Note the typo in the file name!

When you open the file, you see this:

Read the full entry: https://isc.sans.edu/diary/XWorm+Cocktail+A+Mix+of+PE+data+with+PowerShell+Code/31700/

Internet Storm Center Entries


The Danger of IP Volatility (2025.02.15)

https://isc.sans.edu/diary/The+Danger+of+IP+Volatility/31688/

Fake BSOD Delivered by Malicious Python Script (2025.02.14)

https://isc.sans.edu/diary/Fake+BSOD+Delivered+by+Malicious+Python+Script/31686/

DShield SIEM Docker Updates (2025.02.13)

https://isc.sans.edu/diary/DShield+SIEM+Docker+Updates/31680/

Recent CVEs


The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.

CVE-2025-21391 - Windows Storage Elevation of Privilege Vulnerability

Product: Microsoft Windows 10 1507

CVSS Score: 7.1

** KEV since 2025-02-11 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21391

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21391

CVE-2025-21418 - Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability

Product: Microsoft Windows 10 1607

CVSS Score: 7.8

** KEV since 2025-02-11 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21418

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21418

CVE-2025-24200 - iOS and iPadOS are vulnerable to an authorization issue due to poor state management, potentially allowing a physical attack to disable USB Restricted Mode. Apple is investigating reports of exploitation in sophisticated attacks against specific individuals.

Product: Apple iPadOS

CVSS Score: 6.1

** KEV since 2025-02-12 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24200

NVD References:

- https://support.apple.com/en-us/122173

- https://support.apple.com/en-us/122174

- http://seclists.org/fulldisclosure/2025/Feb/7

- http://seclists.org/fulldisclosure/2025/Feb/8

CVE-2025-24016 - Wazuh platform prior to version 4.9.1 is vulnerable to remote code execution due to an unsafe deserialization issue in DistributedAPI parameters serialization.

Product: Wazuh

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24016

NVD References: https://github.com/wazuh/wazuh/security/advisories/GHSA-hcrc-79hj-m3qh

CVE-2025-1144 - Quanxun's School Affairs System exposes sensitive information, allowing unauthenticated attackers to access specific pages and obtain database information and plaintext administrator credentials.

Product: Quanxun School Affairs System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1144

NVD References:

- https://www.twcert.org.tw/en/cp-139-8416-b6cba-2.html

- https://www.twcert.org.tw/tw/cp-132-8415-853e0-1.html

CVE-2025-26410 - Wattsense Bridge devices have a security flaw with hard-coded credentials that can be easily recovered, allowing unauthorized access to the device.

Product: Wattsense Bridge

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26410

NVD References:

- https://r.sec-consult.com/wattsense

- https://support.wattsense.com/hc/en-150/articles/13366066529437-Release-Notes

CVE-2024-12366 - PandasAI is vulnerable to prompt injection, allowing attackers to execute arbitrary Python code and potentially achieve Remote Code Execution (RCE).

Product: PandasAI

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12366

NVD References:

- https://docs.getpanda.ai/v3/privacy-security

- https://docs.pandas-ai.com/advanced-security-agent

- https://www.kb.cert.org/vuls/id/148244

CVE-2024-10644 - Ivanti Connect Secure and Ivanti Policy Secure are vulnerable to code injection attacks, permitting remote code execution by an authenticated attacker with admin privileges.

Product: Ivanti Connect Secure

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10644

NVD References: https://forums.ivanti.com/s/article/February-Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-and-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs

CVE-2024-47908 - Ivanti CSA before version 5.0.5 is vulnerable to OS command injection in the admin web console, allowing remote authenticated attackers with admin privileges to achieve remote code execution.

Product: Ivanti CSA

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47908

NVD References: https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Services-Application-CSA-CVE-2024-47908-CVE-2024-11771

CVE-2025-22467 - Ivanti Connect Secure before version 22.7R2.6 has a stack-based buffer overflow vulnerability, enabling a remote authenticated attacker to execute code.

Product: Ivanti Connect Secure

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22467

NVD References: https://forums.ivanti.com/s/article/February-Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-and-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs

CVE-2025-24973 - Concorde, formerly known as Nexkey, is vulnerable to session hijacking due to an improper logout process that allows authentication credentials to remain in cookies, posing a risk of token theft for users, especially those with admin privileges on shared devices.

Product: Misskey Concorde

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24973

NVD References:

- https://github.com/nexryai/concorde/commit/1f6ac9b289906083b132e4f9667a31a60ef83e4e

- https://github.com/nexryai/concorde/security/advisories/GHSA-2369-p2wh-7cc2

CVE-2025-1126 - A Reliance on Untrusted Inputs in a Security Decision vulnerability has been identified in the Lexmark Print Management Client.

Product: Lexmark Print Management Client

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1126

NVD References: https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html

CVE-2025-21198 - Microsoft High Performance Compute (HPC) Pack Remote Code Execution Vulnerability

Product: Microsoft High Performance Compute (HPC) Pack

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-21198

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21198

CVE-2025-24434 - Adobe Commerce versions 2.4.7-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are susceptible to an Improper Authorization flaw that may lead to Privilege escalation and unauthorized access without user interaction, allowing for session takeover and increasing confidentiality and integrity risks.

Product: Adobe Commerce

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24434

NVD References: https://helpx.adobe.com/security/products/magento/apsb25-08.html

CVE-2025-1100 - Q-Free MaxTime version 2.11.0 and below is vulnerable to a CWE-259, allowing an unauthenticated remote attacker to execute arbitrary code with root privileges via SSH.

Product: Q-Free MaxTime

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1100

NVD References: https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-1100

CVE-2025-26339 - Q-Free MaxTime version 2.11.0 and below is vulnerable to a CWE-306, allowing unauthenticated remote attackers to impact device security through crafted HTTP requests.

Product: Q-Free MaxTime

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26339

NVD References: https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26339

CVE-2025-26341 - Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to reset arbitrary user passwords via crafted HTTP requests.

Product: Q-Free MaxTime

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26341

NVD References: https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26341

CVE-2025-26342 - Q-Free MaxTime versions less than or equal to 2.11.0 allows unauthenticated remote attackers to create arbitrary users, including administrators.

Product: Q-Free MaxTime

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26342

NVD References: https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26342

CVE-2025-26344 - Q-Free MaxTime less than or equal to version 2.11.0 is vulnerable to CWE-306, allowing unauthenticated remote attackers to enable passwordless guest mode via crafted HTTP requests.

Product: Q-Free MaxTime

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26344

NVD References: https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26344

CVE-2025-26345 - Q-Free MaxTime less than or equal to version 2.11.0 is vulnerable to an unauthenticated remote attacker editing user group permissions via crafted HTTP requests in maxprofile/menu/routes.lua, identified as CWE-306 "Missing Authentication for Critical Function."

Product: Q-Free MaxTime

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26345

NVD References: https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26345

CVE-2025-26347 - Q-Free MaxTime version less than or equal to 2.11.0 is vulnerable to CWE-306, allowing unauthenticated attackers to edit user permissions through crafted HTTP requests in maxprofile/menu/routes.lua.

Product: Q-Free MaxTime

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26347

NVD References: https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26347

CVE-2025-26359 - Q-Free MaxTime less than or equal to version 2.11.0 is vulnerable to CWE-306, allowing an unauthenticated remote attacker to reset user PINs via crafted HTTP requests in maxprofile/accounts/routes.lua.

Product: Q-Free MaxTime

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26359

NVD References: https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26359

CVE-2025-26361 - Q-Free MaxTime less than or equal to version 2.11.0 allows an unauthenticated remote attacker to factory reset the device via crafted HTTP requests.

Product: Q-Free MaxTime

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-26361

NVD References: https://www.nozominetworks.com/labs/vulnerability-advisories-cve-2025-26361

CVE-2025-25349 & CVE-2025-25351 - PHPGurukul Daily Expense Tracker System v1.1 is vulnerable to SQL Injection.

Product: PHPGurukul Daily Expense Tracker System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-25349

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-25351

NVD References: https://github.com/vkcyberexpert/CVE-Writeup/blob/main/PHPGurukul/Daily%20Expense%20Tracker%20System/SQL%20Injection%20item%20add-expense%20costitem%20parameter.pdf

CVE-2025-25388 & CVE-2025-25389 - PHPGurukul Land Record System v1.0 is susceptible to a SQL Injection vulnerability.

Product: PHPGurukul Land Record System

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-25388

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-25389

NVD References: https://github.com/Santoshcyber1/CVE-wirteup/blob/main/Phpgurukul/Land%20record/SQL%20Injection%20p%20editid.pdf

CVE-2025-25182 - Stroom is vulnerable to authentication bypass and server-side request forgery in versions prior to 7.2.24, 7.3-beta.22, 7.4.4, and 7.5-beta.2, potentially leading to code execution or privilege escalation.

Product: Stroom

CVSS Score: 9.4

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-25182

NVD References:

- https://github.com/gchq/stroom/pull/4320

- https://github.com/gchq/stroom/security/advisories/GHSA-x489-xx2m-vc43

CVE-2025-1146 - The Falcon sensor for Linux, Falcon Kubernetes Admission Controller, and Falcon Container Sensor have a validation logic error that could potentially allow a man-in-the-middle (MiTM) attack due to incorrect processing of server certificate validation.

Product: CrowdStrike Falcon Sensor

CVSS Score: 8.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1146

ISC Podcast: https://isc.sans.edu/podcastdetail/9324

NVD References: https://www.crowdstrike.com/security-advisories/cve-2025-1146/

CVE-2022-31631 - PHP versions 8.0.* to 8.2.* when using PDO::quote() for SQLite are vulnerable to SQL injection due to incorrect data quoting.

Product: PHP PDO

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-31631

NVD References:

- https://bugs.php.net/bug.php?id=81740

- https://security.netapp.com/advisory/ntap-20230223-0007/

CVE-2024-57604 - An issue in MaysWind ezBookkeeping 0.7.0 allows a remote attacker to escalate privileges via the token component.

Product: MaysWind ezBookkeeping

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57604

NVD References:

- https://github.com/mayswind/ezbookkeeping/issues/33

- https://hkohi.ca/vulnerability/2

CVE-2024-7102 - GitLab CE/EE versions 16.4 through 17.4.0 allow attackers to trigger pipelines as another user.

Product: GitLab CE/EE

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7102

NVD References:

- https://gitlab.com/gitlab-org/gitlab/-/issues/474414

- https://hackerone.com/reports/2623063

CVE-2025-25286 - Crayfish, an Islandora 8 microservices collection, may be vulnerable to remote code execution in Homarus prior to version 4.1.0, which can be mitigated by preventing general access from the Internet or implementing stronger authentication configurations.

Product: Crayfish Homarus FFmpeg library

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-25286

NVD References:

- https://github.com/Islandora/Crayfish/commit/64cb4cec688928798cc40e6f0a0e863d7f69fd89

- https://github.com/Islandora/Crayfish/security/advisories/GHSA-mm6v-68qp-f9fw

CVE-2025-0896 - Orthanc server prior to version 1.5.8 is vulnerable to unauthorized access by attackers due to the lack of default basic authentication when remote access is enabled.

Product: Orthanc Server

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-0896

NVD References: https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-037-02

CVE-2025-1094 - PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() improperly neutralize quoting syntax, allowing for SQL injection in certain usage patterns.

Product: PostgreSQL

CVSS Score: 8.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1094

ISC Podcast: https://isc.sans.edu/podcastdetail/9326

NVD References:

- https://www.postgresql.org/support/security/CVE-2025-1094/

- http://www.openwall.com/lists/oss-security/2025/02/16/3

- https://lists.debian.org/debian-lts-announce/2025/02/msg00015.html

CVE-2025-1270 - Anapi Group's h6web is vulnerable to an IDOR flaw that enables an authenticated attacker to access and impersonate other users by manipulating parameters in the "ha_datos_hermano.php" endpoint.

Product: Anapi Group h6web

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1270

NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-anapi-group-h6web

CVE-2025-1127 - The vulnerability in the product allows attackers to execute arbitrary code and modify filesystem data.

Product: Lexmark

CVSS Score: 9.1 AtRiskScore 30

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1127

NVD References: https://www.lexmark.com/en_us/solutions/security/lexmark-security-advisories.html

CVE-2023-34399 - Mercedes-Benz head-unit NTG6 is vulnerable to integer overflow due to a boost library vulnerability in the profile settings import/export function over USB.

Product: Mercedes-Benz head-unit NTG6

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-34399

NVD References: https://securelist.com/mercedes-benz-head-unit-security-research/115218/

CVE-2025-1283 - The Dingtian DT-R0 Series is vulnerable to an exploit that allows attackers to bypass login requirements.

Product: Dingtian DT-R0 Series

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1283

NVD References:

- https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-18

- https://www.dingtian-tech.com/en_us/aboutus.html?tab=contact_us

CVE-2025-24865 - The mySCADA myPRO Manager administrative web interface allows unauthorized access, putting sensitive information at risk.

Product: mySCADA myPRO Manager

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-24865

NVD References:

- https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-16

- https://www.myscada.org/contacts/

- https://www.myscada.org/downloads/mySCADAPROManager/

CVE-2025-25067 - mySCADA myPRO Manager is vulnerable to OS command injection, allowing remote attackers to execute arbitrary commands.

Product: mySCADA myPRO Manager

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-25067

NVD References:

- https://www.cisa.gov/news-events/ics-advisories/icsa-25-044-16

- https://www.myscada.org/contacts/

- https://www.myscada.org/downloads/mySCADAPROManager/

CVE-2024-13152 - Mobuy Online Machinery Monitoring Panel before version 2.0 is vulnerable to authorization bypass through a user-controlled SQL primary key, allowing SQL injection.

Product: BSS Software Mobuy Online Machinery Monitoring Panel

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13152

NVD References: https://www.usom.gov.tr/bildirim/tr-25-0033

CVE-2025-0867 - MEAC applications are vulnerable to privilege escalation due to stored administrator credentials, allowing the EPC2 user to execute commands with administrative privileges.

Product: MEAC EPC2

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-0867

NVD References:

- https://cdn.sick.com/media/docs/1/11/411/Special_information_CYBERSECURITY_BY_SICK_en_IM0084411.PDF

- https://sick.com/psirt

- https://www.cisa.gov/resources-tools/resources/ics-recommended-practices

- https://www.first.org/cvss/calculator/3.1

- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0001.json

- https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0001.pdf

CVE-2025-1302 - jsonpath-plus before version 10.3.0 is vulnerable to Remote Code Execution (RCE) through unsafe default usage of eval='safe' mode, allowing attackers to execute arbitrary code on the system.

Product: npmjs jsonpath-plus

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1302

NVD References:

- https://gist.github.com/nickcopi/11ba3cb4fdee6f89e02e6afae8db6456

- https://github.com/JSONPath-Plus/JSONPath/blob/8e4acf8aff5f446aa66323e12394ac5615c3b260/src/Safe-Script.js%23L127

- https://github.com/JSONPath-Plus/JSONPath/commit/30942896d27cb8a806b965a5ca9ef9f686be24ee

- https://security.snyk.io/vuln/SNYK-JS-JSONPATHPLUS-8719585

CVE-2024-57971 - Knowage Server in KNOWAGE before 8.1.30 allows attackers to bypass security measures by not enforcing proper JNDI naming conventions in DataSourceResource.java.

Product: Knowage Server

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-57971

NVD References:

- https://github.com/KnowageLabs/Knowage-Server/commit/f7d0362f737e1b0db1cc9cc95b1236d62d83dd0c

- https://github.com/KnowageLabs/Knowage-Server/compare/v8.1.29...v8.1.30

- https://spagobi.readthedocs.io

CVE-2025-1387 - Orca HCM from LEARNING DIGITAL is vulnerable to unauthorized logins due to an Improper Authentication flaw.

Product: LEARNING DIGITAL Orca HCM

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-1387

NVD References:

- https://www.twcert.org.tw/en/cp-139-8428-59a9a-2.html

- https://www.twcert.org.tw/tw/cp-132-8427-daea8-1.html

CVE-2025-22630 - MarketingFire Widget Options is vulnerable to OS Command Injection through improper neutralization of special elements used in a command.

Product: MarketingFire Widget Options

Active Installations: 100,000+

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-22630

NVD References: https://patchstack.com/database/wordpress/plugin/widget-options/vulnerability/wordpress-widget-options-plugin-4-1-0-arbitrary-code-execution-vulnerability?_s_id=cve

CVE-2024-13011 - The WP Foodbakery plugin for WordPress is vulnerable to arbitrary file uploads, allowing unauthenticated attackers to potentially execute remote code on affected sites.

Product: WP Foodbakery WordPress

Active Installations: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13011

NVD References:

- https://themeforest.net/item/food-bakery-restaurant-bakery-responsive-wordpress-theme/18970331

- https://www.wordfence.com/threat-intel/vulnerabilities/id/850fc4db-6e02-44c7-836a-02c433a0bae7?source=cve

CVE-2025-0180 - The WP Foodbakery plugin for WordPress allows unauthenticated attackers to register as an administrator due to privilege escalation vulnerability.

Product: WordPress WP Foodbakery plugin

Active Installations: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-0180

NVD References:

- https://themeforest.net/item/food-bakery-restaurant-bakery-responsive-wordpress-theme/18970331

- https://www.wordfence.com/threat-intel/vulnerabilities/id/d7140a6e-a528-428e-850e-5e4a481c5d7d?source=cve

CVE-2025-0181 - The WP Foodbakery plugin for WordPress allows unauthenticated attackers to gain administrator access by not properly validating a user's identity.

Product: WP Foodbakery WordPress

Active Installations: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-0181

NVD References:

- https://themeforest.net/item/food-bakery-restaurant-bakery-responsive-wordpress-theme/18970331

- https://www.wordfence.com/threat-intel/vulnerabilities/id/d722ec8d-bfca-4da1-8eb0-8d33735c5e44?source=cve

CVE-2022-3180 - The WPGateway Plugin for WordPress allows unauthenticated attackers to create malicious admin accounts by exploiting privilege escalation up to version 3.5.

Product: WordPress WPGateway Plugin

Active Installations: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-3180

NVD References:

- https://www.wordfence.com/blog/2022/09/psa-zero-day-vulnerability-in-wpgateway-actively-exploited-in-the-wild/

- https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/wpgateway/wpgateway-35-unauthenticated-privilege-escalation

CVE-2024-13421 - The Real Estate 7 WordPress theme for WordPress allows unauthenticated attackers to register new administrative user accounts due to privilege escalation vulnerability.

Product: Real Estate 7 WordPress

Active Installations: unknown. Updated to v3.5.2 on 1/31/2025

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13421

NVD References:

- https://contempothemes.com/changelog/

- https://themeforest.net/item/wp-pro-real-estate-7-responsive-real-estate-wordpress-theme/12473778

- https://www.wordfence.com/threat-intel/vulnerabilities/id/a50b3304-d55b-487a-8137-d5083c704cf4?source=cve

CVE-2024-12213 - The WP Job Board Pro plugin for WordPress allows unauthenticated attackers to register as an administrator due to privilege escalation vulnerability.

Product: WordPress WP Job Board Pro

Active Installations: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12213

NVD References:

- https://themeforest.net/item/superio-job-board-wordpress-theme/32180231

- https://www.wordfence.com/threat-intel/vulnerabilities/id/7cdfce88-b6c2-4820-9d6f-446f61b9b596?source=cve

CVE-2024-13365 - The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to arbitrary file uploads via .zip archives, allowing unauthenticated attackers to potentially execute remote code.

Product: CleanTalk Security & Malware scan by CleanTalk plugin

Active Installations: 30,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13365

NVD References:

- https://plugins.trac.wordpress.org/changeset/3229205/security-malware-firewall#file527

- https://www.wordfence.com/threat-intel/vulnerabilities/id/9fa30fa2-6c42-4e5f-a0b5-8711ce5d8121?source=cve

CVE-2024-10960 - The Brizy – Page Builder plugin for WordPress allows authenticated attackers to upload arbitrary files and potentially execute remote code.

Product: Brizy Page Builder plugin for WordPress

Active Installations: 80,000+

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10960

NVD References:

- https://plugins.trac.wordpress.org/changeset/3222672/brizy/tags/2.6.5/editor/zip/archiver.php

- https://www.wordfence.com/threat-intel/vulnerabilities/id/2f0c85f4-07ae-4a2b-bd82-93467e7d9325?source=cve

CVE-2024-10763 - The Campress theme for WordPress is vulnerable to Local File Inclusion through the 'campress_woocommerce_get_ajax_products' function, allowing unauthenticated attackers to execute arbitrary files and potentially gain sensitive data or take control of the server.

Product: WordPress Campress theme

Active Installations: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10763

NVD References:

- https://themeforest.net/item/campress-responsive-education-courses-and-events-wordpress-theme/19355619

- https://www.wordfence.com/threat-intel/vulnerabilities/id/d818b467-a893-4f4f-b623-abff99ef37b4?source=cve

CVE-2024-13182 - The WP Directorybox Manager plugin for WordPress is vulnerable to Authentication Bypass, allowing unauthenticated attackers to log in as any existing user on the site.

Product: WordPress WP Directorybox Manager

Active Installations: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13182

NVD References:

- http://localhost:1337/wp-content/plugins/wp-directorybox-manager/elements/login/cs-social-login/cs-social-login.php#L43

- https://www.wordfence.com/threat-intel/vulnerabilities/id/ea9e5e5d-a7fc-4159-a2ae-610bee76f818?source=cve

CVE-2024-13513 - The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to sensitive information exposure in versions up to 2.4.2.3, allowing unauthenticated attackers to extract and misuse sensitive data, resulting in potential site takeover.

Product: Oliver POS A WooCommerce Point of Sale (POS)

Active Installations: 1,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-13513

NVD References:

- https://plugins.trac.wordpress.org/browser/oliver-pos/trunk/includes/models/class-pos-bridge-user.php#L373

- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3234731%40oliver-pos%2Ftrunk&old=3056051%40oliver-pos%2Ftrunk&sfp_email=&sfph_mail=

- https://www.wordfence.com/threat-intel/vulnerabilities/id/bf6b7d8d-fb13-4eb4-b0b4-d0a10ad2a21e?source=cve

CVE-2024-12562 - The s2Member Pro plugin for WordPress is vulnerable to PHP Object Injection, up to version 241216, allowing unauthenticated attackers to inject a PHP Object.

Product: s2Member Pro WordPress

Active Installations: 10,000+

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-12562

NVD References:

- https://s2member.com/changelog/

- https://www.wordfence.com/threat-intel/vulnerabilities/id/65192fdb-86db-475a-8c61-4db922920cfe?source=cve