ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
A phishing campaign with QR codes rendered using an HTML table
Published: 2026-01-07
Last Updated: 2026-01-07 09:32:26 UTC
by Jan Kopriva (Version: 1)
Malicious use of QR codes has long been ubiquitous, both in the real world as well as in electronic communication. This is hardly surprising given that a scan of a QR code can lead one to a phishing page as easily as clicking a link in an e-mail.
No more surprising is that vendors of security technologies have, over time, developed mechanisms for detecting and analyzing images containing QR codes that are included in e-mail messages. These security mechanisms make QR code-based phishing less viable. However, due to the “cat and mouse” nature of cybersecurity, threat actors continually search for ways of bypassing various security controls, and one technique that can be effective in bypassing QR code detection and analysis in e-mail messages was demonstrated quite well in a recent string of phishing messages which made it into our inbox.
The technique in question is based on the use of imageless QR codes rendered with the help of an HTML table. While it is not new by any stretch, it is not too well-known, and I therefore consider it worthy of at least this short post.
Samples of the aforementioned phishing messages I have access to have been sent out between December 22nd and December 26th, and all of them had the same basic layout consisting of only a few lines of text along with the QR code ...
Read the full entry: https://isc.sans.edu/diary/A+phishing+campaign+with+QR+codes+rendered+using+an+HTML+table/32606/
Risks of OOB Access via IP KVM Devices
Published: 2026-01-05
Last Updated: 2026-01-05 17:33:50 UTC
by Johannes Ullrich (Version: 1)
Recently, a new "breed" of IP-based KVM devices has been released. In the past, IP-based KVM devices required dedicated "server-grade" hardware using IPMI. They often cost several $100 per server, and are only available for specific systems that support the respective add-on cards. These cards are usually used to provide "Lights Out" access to servers, allowing a complete reboot and interaction with the pre-boot environment via simple web-based tools. In some cases, these IPMI tools can also be used via various enterprise/data center management tools.
The first "non-datacenter grade" device that provided similar capabilities to arbitrary systems was the "PIKVM". This device was based on a Raspberry Pi and combined various add-on cards (HDMI capture and USB device ports) to turn the Raspberry Pi into a remote access device. But even the PIKVM wasn't cheap. The hardware cost added up to around $100-$200. Fully assembled devices are available for around $300. While within reach for some hobbyists, it was still too expensive for many.
More recently, a Chinese company, Sipeed, started offering a "NanoKVM". This device offers comparable capabilities for as low as $30 for a bare bones version ($60 for a more full-featured assembled version). The NanoKVM uses a very minimal RISC CPU and runs a stripped-down Linux variant providing just enough features to act as a serviceable KVM. Consumer-oriented device manufacturers like GL-INET and others have released similar devices competing directly with the "NanoKVM", often offering some additional capabilities.
But turning these devices into a ubiquitous commodity has not come without problems.
Some have accused Sipeed of installing deliberate backdoors in their devices and delaying addressing security vulnerabilities. Ultimately, you should never deploy a device from a vendor you do not trust. I am not able to answer for you, but you need to figure out if this is a risk you are willing to take. A device like an IP KVM will always have direct access to your system, and it will be able to intercept keystrokes and video output. Many of the alleged vulnerabilities, like insecure firmware updates, are sadly very common in consumer devices. The NanoKVM will download firmware updates from Sipeed's servers in China. It will report some system status with these requests, which again is not that unusual. Sipeed offers other products (for example, camera systems) built around the same RISC board, explaining things like microphones and such that are located on the board. For more details, see the reports released by Tom's Hardware in December ...
Read the full entry: https://isc.sans.edu/diary/Risks+of+OOB+Access+via+IP+KVM+Devices/32598/
Cryptocurrency Scam Emails and Web Pages As We Enter 2026
Published: 2026-01-04
Last Updated: 2026-01-04 04:30:30 UTC
by Brad Duncan (Version: 1)
Introduction
In October 2025, a work colleague documented a cryptocurrency scam using a fake chatbot. After investigating this, I was able to receive messages from the campaign, and these emails have continued to land in my honeypot account since then. This diary documents the cryptocurrency scam campaign as it continues in 2026 ...
Read the full entry: https://isc.sans.edu/diary/Cryptocurrency+Scam+Emails+and+Web+Pages+As+We+Enter+2026/32594/
Tool Review: Tailsnitch (2026.01.06)
https://isc.sans.edu/diary/Tool+Review+Tailsnitch/32602/
Debugging DNS response times with tshark (2026.01.02)
https://isc.sans.edu/diary/Debugging+DNS+response+times+with+tshark/32592/
DLLs & TLS Callbacks (2025.12.19)
https://isc.sans.edu/diary/DLLs+TLS+Callbacks/32580/
Positive trends related to public IP ranges from the year 2025 (2025.12.18)
https://isc.sans.edu/diary/Positive+trends+related+to+public+IP+ranges+from+the+year+2025/32584/
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
CVE-2025-69234 - Whale browser before 4.35.351.12 allows an attacker to escape the iframe sandbox in a sidebar environment.
Product: Whale browser
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-69234
CVE-2025-15102 - DVP-12SE11T - Password Protection Bypass
Product: Deltaww DVP-12SE11T
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-15102
CVE-2025-15359 - DVP-12SE11T - Out-of-bound memory write Vulnerability
Product: Deltaww DVP-12SE11T
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-15359
CVE-2025-15255 - Tenda W6-S 1.0.0.4(510) is vulnerable to a remote stack-based buffer overflow in the /bin/httpd file, allowing for exploitation by manipulating the argument Cookie.
Product: Tenda W6-S
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-15255
CVE-2025-66848 - JD Cloud NAS routers AX1800, AX3000, AX6600, BE6500, ER1, and ER2 are vulnerable to unauthorized remote command execution.
Product: JD Cloud NAS routers
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-66848
CVE-2025-68926 - RustFS prior to version 1.0.0-alpha.77 exposes a hardcoded static token in the source code repository, allowing attackers to authenticate and execute privileged operations on distributed object storage systems.
Product: RustFS
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-68926
CVE-2025-56332 - Authentication Bypass in fosrl/pangolin v1.6.2 and before allows attackers to access Pangolin resource via Insecure Default Configuration
Product: fosrl pangolin
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-56332
CVE-2025-50343 - matio 1.5.28 is vulnerable to heap-based memory corruption in Mat_VarCreateStruct() due to a mismatch between nfields value and the number of strings in the fields array, leading to potential segmentation fault or heap corruption.
Product: matIO
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-50343
CVE-2022-50691 - MiniDVBLinux 5.4 is susceptible to a remote command execution vulnerability that enables unauthorized individuals to run arbitrary commands as root by manipulating the 'command' GET parameter in the /tpl/commands.sh endpoint.
Product: MiniDVBLinux 5.4
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-50691
CVE-2022-50695 - SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x have a network vulnerability allowing unauthenticated attackers to launch flooding attacks against external hosts by sending ICMP signals through network command scripts.
Product: SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-50695
CVE-2022-50790 - SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below have an unauthenticated vulnerability that enables remote attackers to access live radio stream information.
Product: SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-50790
CVE-2022-50792 - SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below are vulnerable to an unauthenticated file disclosure flaw, enabling attackers to access critical system files by altering the 'file' GET parameter.
Product: SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-50792
CVE-2022-50794 - SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x and below have a vulnerability that allows attackers to inject commands via the 'username' parameter in order to execute arbitrary system commands.
Product: SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-50794
CVE-2022-50803 - JM-DATA ONU JF511-TV version 1.0.67 has default credentials that can be exploited by attackers to gain admin access to the device.
Product: JM-DATA ONU JF511-TV
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-50803
CVE-2024-58336 - Akuvox Smart Intercom S539 has an unauthenticated vulnerability on port 8080, allowing remote attackers to access live video streams through the video.cgi endpoint.
Product: Akuvox Smart Intercom S539
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-58336
CVE-2024-58338 - Anevia Flamingo XL 3.2.9 is vulnerable to a restricted shell escape via the traceroute command, enabling attackers to gain full root access by injecting shell commands.
Product: Anevia Flamingo XL
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-58338
CVE-2025-15114 - Ksenia Security Lares 4.0 Home Automation version 1.6 has a critical security flaw that exposes the alarm system PIN, allowing attackers to disable the system without additional authentication.
Product: Ksenia Security Lares 4.0 Home Automation
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-15114
CVE-2025-69286 - RAGFlow versions prior to 0.22.0 use an insecure key generation algorithm that allows unauthorized users to derive personal API keys and gain full control over accounts.
Product: Infiniflow RAGflow
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-69286
CVE-2025-69288 - Titra before version 0.99.49 allows Admin users to modify timeEntryRule in the database without sanitization, leading to Remote Code Execution.
Product: Titra open source project time tracking software
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-69288
CVE-2025-66398 - Signal K Server prior to version 2.19.0 allows unauthenticated attackers to manipulate internal server state and potentially execute Remote Code.
Product: Signal K Server
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-66398
CVE-2025-68620 - Signal K Server prior to version 2.19.0 exposes vulnerabilities that allow attackers to steal JWT authentication tokens without any prior authentication.
Product: Signal K Server
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-68620
CVE-2025-65125 - SQL injection in gosaliajainam/online-movie-booking 5.5 in movie_details.php allows attackers to gain sensitive information.
Product: gosaliajainam online-movie-booking
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-65125
CVE-2025-67268 - gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/driver_nmea2000.c file.
Product: gpsd
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-67268
CVE-2025-15026 - Centreon Infra Monitoring's centreon-awie module lacks authentication, allowing unauthorized access to restricted functionalities.
Product: Centreon Infra Monitoring
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-15026
CVE-2025-15029 - Centreon Infra Monitoring (Awie export modules) allows SQL Injection to unauthenticated user in versions 25.10.0 to 25.10.2, 24.10.0 to 24.10.3, and 24.04.0 to 24.04.3.
Product: Centreon Infra Monitoring
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-15029
CVE-2025-14346 - The WHILL Model C2 Electric Wheelchairs and Model F Power Chairs are vulnerable to unauthorized Bluetooth pairing, allowing attackers to control movement and configurations without authentication.
Product: WHILL Model C2 Electric Wheelchairs and Model F Power Chairs
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-14346
NVD References: https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-364-01
CVE-2025-59157 - Coolify prior to version 4.0.0-beta.420.7 is vulnerable to command injection in the Git Repository field during project creation, allowing attackers to execute arbitrary shell commands on the server.
Product: Coolify
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59157
CVE-2025-64419 - Coolify prior to version 4.0.0-beta.445 allows attackers to execute commands as root on the instance if a victim user creates an application using an attacker repository.
Product: Coolify
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-64419
CVE-2025-64420 - Coolify allows low privileged users to view the private key of the root user, potentially enabling unauthorized access to the server as root.
Product: Coolify
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-64420
CVE-2025-27807 - Samsung Mobile Processor, Wearable Processor, and Modem Exynos are vulnerable to out-of-bounds writes via malformed NAS packets due to a lack of length check.
Product: Samsung Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27807
CVE-2025-67397 - Passy v.1.6.3 is vulnerable to remote authenticated attackers executing arbitrary commands via crafted HTTP request with payload injection.
Product: Passy
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-67397
CVE-2025-15444 - Crypt::Sodium::XS module versions prior to 0.000042 for Perl are vulnerable due to including a version of libsodium with a CVE-2025-69277 vulnerability.
Product: Crypt Perl
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-15444
CVE-2025-15385 - Insufficient Verification of Data Authenticity vulnerability in TECNO Mobile com.Afmobi.Boomplayer allows Authentication Bypass. This issue affects com.Afmobi.Boomplayer: 7.4.63.
Product: TECNO Mobile com.Afmobi.Boomplayer
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-15385
CVE-2026-21675 - iccDEV contains a Use After Free vulnerability in versions 2.3.1 and below that is fixed in version 2.3.1.1.
Product: iccDEV ICC DevKit
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2026-21675
CVE-2020-36912 - Plexus anblick Digital Signage Management 3.1.13 has an open redirect vulnerability in the 'PantallaLogin' script, allowing attackers to manipulate the 'pagina' GET parameter and redirect users to malicious websites.
Product: Plexus anblick Digital Signage Management 3.1.13
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-36912
CVE-2020-36923 - Sony BRAVIA Digital Signage 1.7.8 is susceptible to an insecure direct object reference vulnerability that enables unauthorized access to hidden system resources.
Product: Sony BRAVIA Digital Signage 1.7.8
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-36923
CVE-2020-36925 - Arteco Web Client DVR/NVR is vulnerable to session hijacking due to weak session ID complexity, allowing remote attackers to bypass authentication and access live camera streams.
Product: Arteco Web Client DVR/NVR
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2020-36925
CVE-2025-60262 - H3C M102G HM1A0V200R010 wireless controller and BA1500L SWBA1A0V100R006 wireless access point are vulnerable to a misconfiguration in vsftpd, allowing remote attackers to gain root-level control through anonymously uploaded files.
Product: H3C M102G HM1A0V200R010 wireless controller and BA1500L SWBA1A0V100R006 wireless access point
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-60262
CVE-2025-65212 - NJHYST HY511 POE core before 2.1 and plugins before 0.1 allows attackers to bypass authentication and access configuration files by exploiting insufficient cookie verification.
Product: NJHYST HY511 POE core
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-65212
CVE-2025-60534 - Blue Access Cobalt v02.000.195 is vulnerable to an authentication bypass flaw that enables unauthorized users to manipulate the web application's functionality without proper credentials.
Product: Blue Access Cobalt
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-60534
CVE-2025-15471 - TRENDnet TEW-713RE 1.02 is vulnerable to remote OS command injection through manipulation of the argument SZCMD in the file /goformX/formFSrvX, with the exploit now public and the vendor unresponsive to early disclosure.
Product: TRENDnet TEW-713RE
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-15471
CVE-2025-68974 - miniOrange WordPress Social Login and Register miniorange-login-openid allows PHP Local File Inclusion from n/a through <= 7.7.0.
Product: miniOrange WordPress Social Login and Register
Active Installations: 20,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-68974
CVE-2025-68983 - Greenmart allows for PHP Remote File Inclusion vulnerability in versions n/a through 4.2.11, allowing attackers to potentially include malicious files.
Product: thembay Greenmart
Active Installations: Unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-68983
CVE-2025-68984 - Puca allows PHP Remote File Inclusion, potentially enabling attackers to include and execute remote files in the application.
Product: thembay Puca
Active Installations: Unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-68984
NVD References: https://vdp.patchstack.com/database/Wordpress/Theme/puca/vulnerability/wordpress-puca-theme-2-6-39-local-file-inclusion-vulnerability?_s_id=cve
CVE-2025-68985 - Aora allows remote attackers to include and execute arbitrary PHP files through improper control of filenames in include/require statements.
Product: thembay Aora
Active Installations: Unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-68985
NVD References: https://vdp.patchstack.com/database/Wordpress/Theme/aora/vulnerability/wordpress-aora-theme-1-3-15-local-file-inclusion-vulnerability?_s_id=cve
CVE-2025-68987 - Cinerama - A WordPress Theme for Movie Studios and Filmmakers cinerama allows PHP Local File Inclusion from n/a through <= 2.4.
Product: Edge-Themes Cinerama - A WordPress Theme for Movie Studios and Filmmakers
Active Installations: Unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-68987
CVE-2025-68990 - BWL Pro Voting Manager contains a Blind SQL Injection vulnerability in versions from n/a through <= 1.4.9.
Product: xenioushk BWL Pro Voting Manager
Active Installations: Unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-68990
CVE-2025-52835 - WING WordPress Migrator by ConoHa by GMO is vulnerable to a CSRF flaw which allows attackers to upload a web shell to a web server.
Product: GMO Internet ConoHa by GMO WING WordPress Migrator
Active Installations: This plugin has been closed as of January 6, 2026 and is not available for download. This closure is permanent. Reason: Author Request.
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-52835
CVE-2025-14998 - The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover due to lack of proper user identity validation in versions up to 3.4.24.
Product: Branda WordPress
Active Installations: 20,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-14998
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/ae46be82-570f-4172-9c3f-746b894b84b9?source=cve
CVE-2025-30633 - AA-Team Amazon Native Shopping Recommendations is vulnerable to SQL Injection from version n/a through 1.3.
Product: AA-Team Amazon Native Shopping Recommendations
Active Installations: Unknown
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30633
CVE-2025-31048 - Themify Shopo allows unrestricted upload of dangerous files, potentially leading to the upload of a web shell to a web server, affecting versions n/a through 1.1.4.
Product: Themify Shopo
Active Installations: Unknown
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-31048
NVD References: https://vdp.patchstack.com/database/wordpress/theme/shopo/vulnerability/wordpress-shopo-1-1-4-arbitrary-file-upload-vulnerability?_s_id=cve
CVE-2025-68865 - Infility Global is vulnerable to SQL Injection from version n/a through 2.14.48.
Product: Infility Global
Active Installations: 100+
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-68865
CVE-2023-50897 - Media File Renamer by Meow Apps is vulnerable to unrestricted upload of dangerous file types, allowing for the use of malicious files.
Product: Meow Apps Media File Renamer
Active Installations: 40,000+
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-50897
CVE-2025-39484 - Waituk Entrada is vulnerable to SQL Injection in versions from n/a through 5.7.7.
Product: Waituk Entrada
Active Installations: Unknown
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-39484
NVD References: https://vdp.patchstack.com/database/wordpress/theme/entrada/vulnerability/wordpress-entrada-theme-5-7-7-sql-injection-vulnerability?_s_id=cve
CVE-2025-14996 - The AS Password Field In Default Registration Form plugin for WordPress allows for privilege escalation and account takeover by unauthenticated attackers.
Product: WordPress AS Password Field In Default Registration Form plugin
Active Installations: This plugin has been closed as of December 30, 2025 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-14996
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/061f022b-b922-4499-bb34-8ea91ba5ace3?source=cve
CVE-2025-15001 - The FS Registration Password plugin for WordPress allows unauthenticated attackers to gain admin access via privilege escalation.
Product: WordPress FS Registration Password plugin
Active Installations: 50+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-15001
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/22351b90-fc34-44ce-9241-4a0f01eb7b1c?source=cve
CVE-2025-39477 - InWave Jobs missing authorization vulnerability in Sfwebservice allows exploiting improperly configured access control security levels from versions n/a through 3.5.8.
Product: InWave Jobs
Active Installations: Unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-39477
CVE-2025-30996 - Multiple Themify WordPress Themes are vulnerable to unrestricted upload of files with dangerous types, allowing attackers to upload a web shell to a web server.
Product: Themify Sidepane WordPress Theme, Themify Newsy, Themify Folo, Themify Edmin, Themify Bloggie, Themify Photobox, Themify Wigi, Themify Rezo, Themify Slide
Active Installations: Unknown
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-30996
NVD References: