@RISK: The Consensus Security Vulnerability Alert: Vol. 25, Num. 42

CONTENTS:
=========================================================
INTERNET STORM CENTER SPOTLIGHT
OTHER INTERNET STORM CENTER ENTRIES
RECENT CVEs
=========================================================

INTERNET STORM CENTER SPOTLIGHT
ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

How to collect memory-only filesystems on Linux systems
Published: 2025-10-29
Last Updated: 2025-10-29 04:53:31 UTC
by Jim Clausing (Version: 1)

I’ve been doing Unix/Linux IR and Forensics for a long time. I logged into a Unix system for the first time in 1983. That’s one of the reasons I love teaching FOR577, because I have stories that go back to before some of my students were even born that are still relevant today.

In recent years, I’ve noticed a lot of attackers try to hide their tools or stage their data exfiltration in memory-only filesystems …

Unfortunately, you can’t just dd these tmpfs filesystems. There is no block device backing them that will let you take a forensically sound image. So, if I want to get all of the metadata and the contents of any files the attacker may have stashed there, I’m going to need to try something else. Fortunately, after thinking about it a bit, I came up with a method that worked for me. I even talked it over briefly with Hal Pomeranz and we couldn’t come up with anything better. When I was thinking about this about a year ago, I did a quick Google search and didn’t see anyone else having talked about this, but I’d be surprised if others haven’t come up with the same idea.

The basic idea is to first collect the metadata (inode contents), then collect the file contents, since doing it in the other order would cause the access timestamp in the inode to be updated. Since I came up with this technique, I’ve used it on dozens (probably 100+) of systems with pretty good success. I have run into a handful that didn’t have the stat command, so I could only collect the contents, but not the inode metadata. You deal with what the system has available …

Read the full entry: https://isc.sans.edu/diary/How+to+collect+memoryonly+filesystems+on+Linux+systems/32432/
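As an added illustration of the ordering the diary describes (this is not Jim Clausing's script; the mount enumeration, output layout and stat format are my assumptions), the functions below record inode metadata for every entry on a memory-backed mount before any file contents are read, and write everything to an output directory that should live on a different filesystem:

```shell
#!/bin/sh
# Added example, not the diary's own tooling. Collect metadata first, then
# contents, from a memory-only (tmpfs/ramfs) mount so that reading the files
# does not disturb the access timestamps we want to preserve.
# Assumes GNU coreutils (stat -c, sha256sum), GNU tar and a Linux /proc/mounts.

# List mount points of memory-backed filesystems (field 2 of /proc/mounts).
list_memfs_mounts() {
  awk '$3 == "tmpfs" || $3 == "ramfs" { print $2 }' /proc/mounts
}

# collect_memfs <mountpoint> <outdir>
#   Step 1: inode metadata for every entry (stat does not touch atime).
#   Step 2: file contents as a tar archive, plus SHA-256 of each regular file.
# <outdir> must be on a different filesystem than <mountpoint>, otherwise the
# collection writes into the very filesystem being preserved.
# Prints the number of metadata records so the caller can sanity-check.
collect_memfs() {
  mnt=$1
  out=$2
  tag=$(printf '%s' "$mnt" | tr '/' '_')
  mkdir -p "$out" || return 1

  # 1. Metadata: inode|type|links|uid|gid|size|atime|mtime|ctime|name.
  #    -xdev keeps the walk on this mount; %x/%y/%z are full-precision times.
  find "$mnt" -xdev -exec stat -c '%i|%F|%h|%u|%g|%s|%x|%y|%z|%n' {} + \
    > "$out/meta$tag.psv" 2> "$out/meta$tag.err"

  # 2. Contents: only now are the files read. tar keeps names, modes and
  #    mtimes; the hash list lets the copy be verified later.
  tar -C "$mnt" --one-file-system -cf "$out/contents$tag.tar" . \
    2>> "$out/contents$tag.err"
  find "$mnt" -xdev -type f -exec sha256sum {} + > "$out/hashes$tag.sha256" \
    2>> "$out/contents$tag.err"

  wc -l < "$out/meta$tag.psv"
}

# collect_all_memfs [outdir]: walk every memory-backed mount, writing to a
# directory on the evidence disk (path below is a placeholder).
collect_all_memfs() {
  out=${1:-/mnt/evidence/memfs}
  list_memfs_mounts | while IFS= read -r m; do
    n=$(collect_memfs "$m" "$out")
    echo "$m: $n inode records"
  done
}

if [ "$#" -gt 0 ]; then
  collect_all_memfs "$1"
fi
```

Directory access times can be disturbed by the walk itself, and most mounts use relatime, so treat atime as best-effort; mtime and ctime are unaffected by the collection.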

A phishing with invisible characters in the subject line
Published: 2025-10-28
Last Updated: 2025-10-28 10:12:32 UTC
by Jan Kopriva (Version: 1)

While reviewing malicious messages that were delivered to our handler inbox over the past few days, I noticed that the “subject” of one phishing e-mail looked quite strange when displayed in the Outlook message list …

As you can see, once the message was open, the subject was displayed as normal, readable text. This suggested that some invisible characters were likely present.

A quick look at the e-mail headers proved this to be the case …

Read the full entry: https://isc.sans.edu/diary/A+phishing+with+invisible+characters+in+the+subject+line/32428/

Bytes over DNS
Published: 2025-10-27
Last Updated: 2025-10-27 09:10:01 UTC
by Didier Stevens (Version: 1)

I was intrigued when Johannes talked about malware that uses BASE64 over DNS to communicate. Take a DNS request like this: label1[.]label2[.]tld. Labels in a request like this can only be composed with letters (not case-sensitive), digits and a hyphen character (-). BASE64, on the other hand, is encoded with letters (uppercase and lowercase), digits and the special characters + and /, plus a special padding character: =.

So when sticking to the standards, it is not possible to use BASE64 in a label. What happens when we don’t stick to the standards?

So I wanted to know what byte values I could transmit over DNS when using third-party DNS infrastructure over which I have no control, like my ISP, CloudFlare, Google, …

Here is a schema …

Read the full entry: https://isc.sans.edu/diary/Bytes+over+DNS/32420/
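The defender's counterpart to the observation above, as an added example that is not Didier Stevens' code: a filter that flags query names whose labels fall outside the letters/digits/hyphen set the diary describes (the set that excludes BASE64's +, / and =), which is where non-standard DNS traffic would show up in resolver logs. The sample names are constructed.

```shell
#!/bin/sh
# Added example (not from the diary). Flags DNS query names whose labels
# break the RFC 1035 conventions described above: characters outside the
# letters/digits/hyphen ("LDH") set, or labels longer than 63 octets.
# Note: '_' is flagged too; it is legitimate in SRV/TXT owner names, so
# tune the character class to your environment.

# ldh_violations: one query name per line on stdin ->
# "<name><TAB><label><TAB><reason>" per offending label on stdout.
ldh_violations() {
  awk '
    {
      n = split($0, lab, ".")
      for (i = 1; i <= n; i++) {
        if (lab[i] == "") continue            # trailing dot / empty label
        if (lab[i] ~ /[^A-Za-z0-9-]/)
          print $0 "\t" lab[i] "\tnon-LDH character"
        else if (length(lab[i]) > 63)
          print $0 "\t" lab[i] "\tlabel longer than 63"
      }
    }'
}

# count_suspect_names: number of distinct names on stdin with at least one
# offending label.
count_suspect_names() {
  ldh_violations | cut -f1 | sort -u | wc -l | tr -d ' '
}

# Constructed sample: an ordinary name, one carrying BASE64 padding and one
# with a '+' inside a label.
SAMPLE='www.example.com
aGVsbG8gd29ybGQ=.c2.example.net
ab+cd.example.org'

if [ "${1:-}" = "--demo" ]; then
  printf '%s\n' "$SAMPLE" | ldh_violations
fi
```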

OTHER INTERNET STORM CENTER ENTRIES

Kaitai Struct WebIDE (2025.10.26)
https://isc.sans.edu/diary/Kaitai+Struct+WebIDE/32422/

Phishing Cloud Account for Information (2025.10.23)
https://isc.sans.edu/diary/Phishing+Cloud+Account+for+Information/32416/

Infostealer Targeting Android Devices (2025.10.23)
https://isc.sans.edu/diary/Infostealer+Targeting+Android+Devices/32414/

webctrl.cgi/Blue Angel Software Suite Exploit Attempts. Maybe CVE-2025-34033 Variant? (2025.10.22)
https://isc.sans.edu/diary/webctrlcgiBlue+Angel+Software+Suite+Exploit+Attempts+Maybe+CVE202534033+Variant/32410/

RECENT CVEs
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.

CVE-2025-59287 – Deserialization of untrusted data in Windows Server Update Service allows an unauthorized attacker to execute code over a network.
Product: Microsoft Windows Server Update Service
CVSS Score: 0
** KEV since 2025-10-24 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59287
ISC Podcast: https://isc.sans.edu/podcastdetail/9670

CVE-2025-54236 – Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are vulnerable to an Improper Input Validation issue, allowing attackers to achieve session takeover without requiring user interaction.
Product: Adobe Commerce
CVSS Score: 0
** KEV since 2025-10-24 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-54236
ISC Podcast: https://isc.sans.edu/podcastdetail/9670

CVE-2025-40780 – BIND is vulnerable to PRNG weakness allowing attackers to predict source ports and query IDs in certain circumstances.
Product: ISC BIND
CVSS Score: 8.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-40780
ISC Podcast: https://isc.sans.edu/podcastdetail/9670
NVD References: https://kb.isc.org/docs/cve-2025-40780

CVE-2025-34033 – Blue Angel Software Suite on embedded Linux devices is vulnerable to OS command injection via the ping_addr parameter in the webctrl.cgi script, allowing authenticated attackers to execute arbitrary commands as the root user.
Product: Blue Angel Software Suite
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-34033
ISC Podcast: https://isc.sans.edu/podcastdetail/9668

CVE-2025-6542 – An arbitrary OS command may be executed on the product by a remote unauthenticated attacker.
Product: TP-Link ER8411
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-6542
NVD References: https://support.omadanetworks.com/en/document/108455/

CVE-2025-7851 – An attacker may obtain the root shell on the underlying OS system with the restricted conditions on Omada gateways.
Product: TP-Link FR307-M2
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-7851
NVD References: https://support.omadanetworks.com/en/document/108456/

CVE-2025-10640 – WorkExaminer server has a vulnerability where an unauthenticated attacker with access to TCP port 12306 can bypass authentication checks in the Professional console to gain administrative access.
Product: WorkExaminer Professional
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-10640

CVE-2025-60772 – NETLINK HG322G V1.0.00-231017 is vulnerable to improper authentication, allowing a remote attacker to escalate privileges and lock out the legitimate administrator.
Product: NETLINK HG322G
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-60772

CVE-2025-53037 – Oracle Financial Services Analytical Applications Infrastructure product is vulnerable to an easily exploitable attack that allows unauthorized access and potential takeover of the system.
Product: Oracle Financial Services Analytical Applications Infrastructure
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-53037
NVD References: https://www.oracle.com/security-alerts/cpuoct2025.html

CVE-2025-53072 & CVE-2025-62481 – Oracle Marketing in Oracle E-Business Suite (component: Marketing Administration) versions 12.2.3-12.2.14 are vulnerable to easily exploitable attacks by unauthenticated attackers via HTTP, potentially leading to a complete takeover of Oracle Marketing with a CVSS Base Score of 9.8.
Product: Oracle Marketing
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-53072
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-62481
NVD References: https://www.oracle.com/security-alerts/cpuoct2025.html

CVE-2025-61757 – The vulnerability in the Identity Manager product of Oracle Fusion Middleware allows an unauthenticated attacker to compromise the system and potentially take it over.
Product: Oracle Identity Manager
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-61757
NVD References: https://www.oracle.com/security-alerts/cpuoct2025.html

CVE-2025-41723 – The importFile SOAP method is vulnerable to directory traversal, allowing unauthenticated remote attackers to upload files to arbitrary locations.
Product: importFile SOAP method
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-41723

CVE-2025-56447 – TM2 Monitoring v3.04 contains an authentication bypass and plaintext credential disclosure.
Product: TM2 Monitoring v3.04
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-56447

CVE-2025-57870 – Esri ArcGIS Server versions 11.3, 11.4, and 11.5 on various platforms are vulnerable to SQL Injection, allowing remote attackers to execute arbitrary commands and potentially access, modify, or delete data.
Product: Esri ArcGIS Server
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-57870
NVD References: https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/arcgis-server-feature-services-security-patch

CVE-2025-47699 – Gallagher Morpho integration is vulnerable to exposure of sensitive system information, allowing authenticated operators to make critical changes to local devices.
Product: Gallagher Morpho Integration
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-47699
NVD References: https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2025-47699

CVE-2025-11023 – AcBakImzala before v5.1.4 allows PHP Local File Inclusion.
Product: ArkSigner Software and Hardware Inc. AcBakImzala
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-11023
NVD References: https://www.usom.gov.tr/bildirim/tr-25-0356

CVE-2025-58428 – The TLS4B ATG system’s SOAP-based interface can be exploited by remote attackers with valid credentials to execute system-level commands and potentially gain full control over the underlying Linux system.
Product: Veeder-Root TLS4B ATG system
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-58428
NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-25-296-03

CVE-2025-59503 – Server-side request forgery (ssrf) in Azure Compute Gallery allows an authorized attacker to elevate privileges over a network.
Product: Azure Compute Gallery
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59503
NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59503

CVE-2025-61934 – Productivity Suite software version v4.4.1.19 is vulnerable to an unrestricted IP address binding, enabling unauthenticated remote attackers to manipulate files and folders on the target machine via the ProductivityService PLC simulator.
Product: AutomationDirect Productivity Suite
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-61934
NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-25-296-01

CVE-2025-11253 – Netty ERP by Aksis Technology Inc. is vulnerable to SQL Injection in versions before V.1.1000.
Product: Aksis Technology Inc. Netty ERP
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-11253

CVE-2025-43995 – Dell Storage Center – Dell Storage Manager version 20.1.21 has an Improper Authentication vulnerability allowing unauthenticated remote attackers to bypass protection mechanisms and authenticate as special users in compellentservicesapi.
Product: Dell Storage Center
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-43995
NVD References: https://www.dell.com/support/kbdoc/en-us/000382899/dsa-2025-393-security-update-for-storage-center-dell-storage-manager-vulnerabilities

CVE-2025-60548, CVE-2025-60553, & CVE-2025-60554 – D-Link DIR600LAx FW116WWb01 was discovered to contain buffer overflow vulnerabilities.
Product: D-Link DIR-600LAx
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-60548
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-60553
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-60554

CVE-2025-60803 – Antabot White-Jotter contains an unauthenticated remote code execution vulnerability.
Product: Antabot White-Jotter
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-60803

CVE-2025-62717 – Emlog Pro version 2.5.23 is vulnerable to a session verification code error that allows for reuse of the code in email verification processes, fixed in commit 1f726df.
Product: Emlog Pro
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-62717

CVE-2025-10561 – The device is running an outdated operating system, which may be susceptible to known vulnerabilities.
Product: SICK TLOC100-100 all firmware versions
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-10561
NVD References:
https://sick.com/psirt
https://www.sick.com/.well-known/csaf/white/2025/sca-2025-0013.pdf

CVE-2025-60291 – eTimeTrackLite Web thru 12.0 (20250704) is vulnerable to unauthorized attackers accessing specific routes and modifying database connection configurations due to a permission control flaw.
Product: eTimeTrackLite Web
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-60291

CVE-2025-61481 – MikroTik RouterOS v.7.14.2 and SwitchOS v.2.18 are vulnerable to remote code execution through the HTTP-only WebFig management component.
Product: MikroTik RouterOS
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-61481

CVE-2025-27224 – TRUfusion Enterprise through 7.10.4.0 has a vulnerability that permits path traversal sequences to be utilized for uploading files, potentially enabling the execution of arbitrary code.
Product: TRUfusion Enterprise
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-27224

CVE-2025-55754 – Apache Tomcat is vulnerable to improper neutralization of escape, meta, or control sequences, allowing an attacker to manipulate the console and clipboard via specially crafted URLs.
Product: Apache Tomcat
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-55754

CVE-2025-61385 – tlocke pg8000 1.31.4 is vulnerable to SQL injection through crafted Python list input.
Product: tlocke pg8000
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-61385

CVE-2025-62516 – TurboTenant property listing activation workflow has a vulnerability in API endpoints that could expose sensitive business metadata.
Product: VivaTurbo Rentals & Property Services Landlord Onboarding & Rental Signup
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-62516

CVE-2025-36386 – IBM Maximo Application Suite versions 9.0.0 through 9.1.4 could allow remote attackers to bypass authentication and gain unauthorized access.
Product: IBM Maximo Application Suite
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-36386
NVD References: https://www.ibm.com/support/pages/node/7249416

CVE-2025-62368 – Taiga is vulnerable to remote code execution in versions 6.8.3 and earlier due to unsafe data deserialization, with a fix available in version 6.9.0.
Product: Taiga API
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-62368

CVE-2025-64095 – DNN (formerly DotNetNuke) versions prior to 10.1.1 allow unauthenticated file and image uploads to overwrite existing files, leading to possible website defacement and XSS injection vulnerabilities.
Product: DNN (formerly DotNetNuke)
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-64095

CVE-2025-4665 – WordPress plugin Contact Form CFDB7 versions up to and including 1.3.2 are vulnerable to pre-authentication SQL injection and insecure deserialization, allowing for remote exploitation without authentication through crafted input.
Product: WordPress Contact Form CFDB7
Active Installations: 600,000+
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-4665
NVD References: https://wordpress.org/plugins/contact-form-cfdb7

CVE-2025-10916 – The FormGent WordPress plugin before 1.0.4 allows unauthenticated attackers to delete arbitrary files on the server due to insufficient file path validation.
Product: FormGent WordPress plugin
Active Installations: 800
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-10916
NVD References: https://wpscan.com/vulnerability/81c23998-1abb-495f-890a-79624a4cab9a/

CVE-2025-48106 – CMSSuperHeroes Clanora allows unrestricted upload of dangerous files, posing a risk of using malicious files; affecting versions from n/a through < 1.3.1.
Product: CMSSuperHeroes Clanora
Active Installations: Unknown. Update to version 1.3.1 or later.
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-48106
NVD References: https://vdp.patchstack.com/database/Wordpress/Theme/clanora/vulnerability/wordpress-clanora-theme-1-3-1-arbitrary-file-upload-vulnerability

CVE-2025-49060 – CMSSuperHeroes Wastia contains a vulnerability that allows attackers to upload a web shell to a web server.
Product: CMSSuperHeroes Wastia
Active Installations: Unknown. Update to version 1.1.3 or later.
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49060
NVD References: https://vdp.patchstack.com/database/Wordpress/Theme/wastia/vulnerability/wordpress-wastia-theme-1-1-3-arbitrary-file-upload-vulnerability

CVE-2025-49901 – Simple Link Directory qc-simple-link-directory allows Authentication Abuse due to an Alternate Path or Channel vulnerability, affecting versions from n/a through < 14.8.1.
Product: quantumcloud Simple Link Directory
Active Installations: 2,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49901
NVD References: https://vdp.patchstack.com/database/Wordpress/Plugin/qc-simple-link-directory/vulnerability/wordpress-simple-link-directory-plugin-14-8-1-broken-authentication-vulnerability

CVE-2025-49915 – Cozy Vision SMS Alert Order Notifications sms-alert is prone to SQL Injection from version n/a through <= 3.8.5.
Product: Cozy Vision SMS Alert Order Notifications
Active Installations: 4,000+
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49915
NVD References: https://vdp.patchstack.com/database/Wordpress/Plugin/sms-alert/vulnerability/wordpress-sms-alert-order-notifications-plugin-3-8-5-sql-injection-vulnerability

CVE-2025-49931 – CrocoBlock JetSearch allows Blind SQL Injection vulnerability in versions n/a through <= 3.5.10.
Product: CrocoBlock JetSearch
Active Installations: Unknown. Update to version 3.5.10.1 or later.
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-49931
NVD References: https://vdp.patchstack.com/database/Wordpress/Plugin/jet-search/vulnerability/wordpress-jetsearch-plugin-3-5-10-sql-injection-vulnerability

CVE-2025-52741 – Barry Kooij Post Connector is vulnerable to Reflected XSS due to improper input neutralization, affecting versions from n/a through <= 1.0.11.
Product: Barry Kooij Post Connector
Active Installations: 100+
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-52741
NVD References: https://vdp.patchstack.com/database/Wordpress/Plugin/post-connector/vulnerability/wordpress-post-connector-plugin-1-0-11-cross-site-scripting-xss-vulnerability

CVE-2025-52758 – Zippy allows unrestricted upload of dangerous file types, enabling the use of malicious files, impacting versions from n/a through 1.7.0.
Product: Gesundheit Bewegt GmbH Zippy
Active Installations: 10,000+
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-52758
NVD References: https://vdp.patchstack.com/database/Wordpress/Plugin/zippy/vulnerability/wordpress-zippy-plugin-1-7-0-arbitrary-file-upload-vulnerability

CVE-2025-58963 – 7oroof Medcity allows unrestricted upload of dangerous file types which can result in the uploading of a web shell to the web server, affecting versions from n/a through <1.1.9.
Product: 7oroof Medcity
Active Installations: Unknown. Update to version 1.1.9 or later.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-58963
NVD References: https://vdp.patchstack.com/database/Wordpress/Theme/medcity/vulnerability/wordpress-medcity-theme-1-1-9-arbitrary-file-upload-vulnerability

CVE-2025-59557 – Learts Addons allows SQL Injection in versions prior to 1.7.5.
Product: ThemeMove Learts Addons
Active Installations: Unknown. Update to version 1.7.5 or later.
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-59557
NVD References: https://vdp.patchstack.com/database/Wordpress/Plugin/learts-addons/vulnerability/wordpress-learts-addons-plugin-1-7-5-sql-injection-vulnerability

CVE-2025-60039 – Deserialization of Untrusted Data vulnerability in rascals Noisa allows Object Injection. This issue affects Noisa: from n/a through <= 2.6.0.
Product: rascals Noisa
Active Installations: Unknown. Update to version 2.6.3 or later.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-60039
NVD References: https://vdp.patchstack.com/database/Wordpress/Theme/noisa/vulnerability/wordpress-noisa-theme-2-6-0-php-object-injection-vulnerability

CVE-2025-60206 – Alone allows Code Injection, affecting versions from n/a through 7.8.3.
Product: Bearsthemes Alone
Active Installations: Unknown.
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-60206
NVD References: https://vdp.patchstack.com/database/Wordpress/Theme/alone/vulnerability/wordpress-alone-theme-7-8-3-remote-code-execution-rce-vulnerability

CVE-2025-60209 – Connector for Gravity Forms and Google Sheets wp-gravity-forms-spreadsheets is vulnerable to Object Injection via Deserialization of Untrusted Data in versions from n/a through <= 1.2.6.
Product: CRM Perks Connector for Gravity Forms and Google Sheets
Active Installations: 3,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-60209
NVD References: https://vdp.patchstack.com/database/Wordpress/Plugin/wp-gravity-forms-spreadsheets/vulnerability/wordpress-connector-for-gravity-forms-and-google-sheets-plugin-1-2-5-php-object-injection-vulnerability

CVE-2025-60210 – Everest Forms – Frontend Listing everest-forms-frontend-listing is vulnerable to Object Injection via Deserialization of Untrusted Data in versions from n/a through 1.0.5.
Product: Everest Forms – Frontend Listing
Active Installations: Unknown.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-60210
NVD References: https://vdp.patchstack.com/database/Wordpress/Plugin/everest-forms-frontend-listing/vulnerability/wordpress-everest-forms-frontend-listing-plugin-1-0-5-php-object-injection-vulnerability

CVE-2025-60213 – Deserialization of Untrusted Data vulnerability in Whitebox-Studio Scape allows Object Injection. This issue affects Scape: from n/a through <= 1.5.13.
Product: Whitebox-Studio Scape
Active Installations: Unknown.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-60213
NVD References: https://vdp.patchstack.com/database/Wordpress/Theme/scape/vulnerability/wordpress-scape-theme-1-5-13-php-object-injection-vulnerability

CVE-2025-60214 – Deserialization of Untrusted Data vulnerability in BoldThemes Goldenblatt allows Object Injection. This issue affects Goldenblatt: from n/a through <= 1.2.1.
Product: BoldThemes Goldenblatt
Active Installations: Unknown. Update to version 1.3.0 or later.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-60214
NVD References: https://vdp.patchstack.com/database/Wordpress/Theme/goldenblatt/vulnerability/wordpress-goldenblatt-theme-1-2-1-php-object-injection-vulnerability

CVE-2025-60216 – Deserialization of Untrusted Data vulnerability in BoldThemes Addison allows Object Injection. This issue affects Addison: from n/a through <= 1.4.2.
Product: BoldThemes Addison
Active Installations: Unknown. Update to version 1.4.8 or later.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-60216
NVD References: https://vdp.patchstack.com/database/Wordpress/Theme/addison/vulnerability/wordpress-addison-theme-1-4-2-php-object-injection-vulnerability

CVE-2025-60220 – Incorrect Privilege Assignment vulnerability in pebas CouponXxL allows Privilege Escalation. This issue affects CouponXxL: from n/a through <= 3.0.0.
Product: pebas CouponXxL
Active Installations: Unknown.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-60220
NVD References: https://vdp.patchstack.com/database/Wordpress/Theme/couponxxl/vulnerability/wordpress-couponxxl-theme-3-0-0-privilege-escalation-vulnerability

CVE-2025-60221 – captivatesync-trade in captivateaudio Captivate Sync allows Object Injection through deserialization of untrusted data, affecting versions up to 3.0.3.
Product: captivateaudio Captivate Sync
Active Installations: 1,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-60221
NVD References: https://vdp.patchstack.com/database/Wordpress/Plugin/captivatesync-trade/vulnerability/wordpress-captivate-sync-plugin-3-0-3-php-object-injection-vulnerability

CVE-2025-60224 – Subscribe to Download plugin for WordPress allows for Object Injection through deserialization of untrusted data, affecting versions from n/a through 2.0.9.
Product: wpshuffle Subscribe to Download
Active Installations: Unknown.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-60224
NVD References: https://vdp.patchstack.com/database/Wordpress/Plugin/subscribe-to-download/vulnerability/wordpress-subscribe-to-download-plugin-2-0-9-php-object-injection-vulnerability

CVE-2025-60225 – Deserialization of Untrusted Data vulnerability in AncoraThemes BugsPatrol bugspatrol allows Object Injection. This issue affects BugsPatrol: from n/a through <= 1.5.0.
Product: AncoraThemes BugsPatrol
Active Installations: Unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-60225
NVD References: https://vdp.patchstack.com/database/Wordpress/Theme/bugspatrol/vulnerability/wordpress-bugspatrol-theme-1-5-0-php-object-injection-vulnerability

CVE-2025-60226 – White Rabbit whiterabbit is vulnerable to Object Injection through deserialization of untrusted data, impacting versions from n/a through 1.5.2.
Product: axiomthemes White Rabbit
Active Installations: Unknown.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-60226
NVD References: https://vdp.patchstack.com/database/Wordpress/Theme/whiterabbit/vulnerability/wordpress-white-rabbit-theme-1-5-2-php-object-injection-vulnerability

CVE-2025-60232 – KBx Pro Ultimate knowledgebase-helpdesk-pro is vulnerable to Object Injection through deserialization of untrusted data, affecting versions from n/a through <= 8.0.5.
Product: quantumcloud KBx Pro Ultimate
Active Installations: Unknown.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-60232
NVD References: https://vdp.patchstack.com/database/Wordpress/Plugin/knowledgebase-helpdesk-pro/vulnerability/wordpress-kbx-pro-ultimate-plugin-8-0-5-php-object-injection-vulnerability

CVE-2025-62023 – s2Member is vulnerable to improper control of code generation, allowing for code injection from versions n/a through <= 250905.
Product: Cristián Lávaque s2Member
Active Installations: 10,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-62023
NVD References: https://vdp.patchstack.com/database/Wordpress/Plugin/s2member/vulnerability/wordpress-s2member-plugin-250905-remote-code-execution-rce-vulnerability

CVE-2025-62025 – Deserialization of Untrusted Data vulnerability in eyecix JobSearch wp-jobsearch. This issue affects JobSearch: from n/a through < 3.0.8.
Product: eyecix JobSearch
Active Installations: Unknown. Update to version 3.0.8 or later.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-62025
NVD References: https://vdp.patchstack.com/database/Wordpress/Plugin/wp-jobsearch/vulnerability/wordpress-jobsearch-plugin-3-0-8-php-object-injection-vulnerability

CVE-2025-6440 – The WooCommerce Designer Pro plugin for WordPress is vulnerable to arbitrary file uploads, allowing unauthenticated attackers to potentially execute remote code.
Product: WooCommerce Designer Pro plugin
Active Installations: Unknown.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-6440
NVD References: https://www.wordfence.com/threat-intel/vulnerabilities/id/cc2f8da1-7503-45e3-8a7d-0031ce264edf?source=cve

CVE-2025-62892 – Sunshine Photo Cart is vulnerable to Missing Authorization, allowing access to functionality not properly constrained by ACLs in versions n/a through 3.5.3.
Product: Sunshine Photo Cart
Active Installations: 1,000+
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-62892
NVD References: https://vdp.patchstack.com/database/Wordpress/Plugin/sunshine-photo-cart/vulnerability/wordpress-sunshine-photo-cart-plugin-3-5-3-broken-access-control-vulnerability

CVE-2025-62908 – Podlove Web Player podlove-web-player is vulnerable to Missing Authorization, allowing unauthorized access to functionality not properly restricted by ACLs.
Product: Podlove Web Player gerritvanaaken
Active Installations: 5,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-62908
NVD References: https://vdp.patchstack.com/database/Wordpress/Plugin/podlove-web-player/vulnerability/wordpress-podlove-web-player-plugin-5-9-1-broken-access-control-vulnerability

CVE-2025-62919 – TS Demo Importer: Missing Authorization vulnerability allows attackers to exploit incorrectly configured access control security levels, affecting versions from n/a through 0.1.2.
Product: themeshopy TS Demo Importer
Active Installations: 100+
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2025-62919
NVD References: https://vdp.patchstack.com/database/Wordpress/Plugin/ts-demo-importer/vulnerability/wordpress-ts-demo-importer-plugin-0-1-2-broken-access-control-vulnerability
