Overview
CVE-2025-40545 details an open redirection vulnerability found in SolarWinds Observability Self-Hosted. This security flaw allows attackers to potentially redirect users to malicious websites by manipulating the URL parameters. While the attack complexity is considered high and authentication is required, the impact can still be significant. It’s crucial to understand the technical details and implement the recommended mitigation steps.

Technical Details
The vulnerability arises from insufficient sanitization of URL parameters within the SolarWinds Observability Self-Hosted application. An attacker could craft a malicious URL containing a redirect payload. If a legitimate, authenticated user clicks on this crafted link, they could be…

Overview
CVE-2025-26391 details a Cross-Site Scripting (XSS) vulnerability identified in the SolarWinds Observability Self-Hosted platform. This vulnerability allows attackers with low-level authenticated access to inject malicious scripts into user-created URL fields, potentially leading to unauthorized actions, data theft, or other malicious activities.

Technical Details
The vulnerability resides in the way the SolarWinds Observability platform handles user-supplied input within URL fields. Specifically, insufficient sanitization and encoding of user-provided data allows an attacker to inject malicious JavaScript code. When a user accesses a page containing the injected script, the script executes in the user’s browser, operating within the security context of the…

Overview
A high-severity Local File Inclusion (LFI) vulnerability has been discovered in the Category and Product Woocommerce Tabs plugin for WordPress. This vulnerability, identified as CVE-2025-13088, affects all versions of the plugin up to and including version 1.0. Successful exploitation of this vulnerability allows authenticated attackers with Contributor-level access or higher to include and execute arbitrary PHP files on the server, potentially leading to complete system compromise.

Technical Details
The vulnerability lies in the categoryProductTab() function within the plugin’s code. Specifically, the ‘template’ parameter lacks sufficient input validation. An attacker can manipulate this parameter to include arbitrary local files on…

Overview
A critical security vulnerability, identified as CVE-2025-12962, has been discovered in the Local Syndication plugin for WordPress. This vulnerability allows authenticated attackers to perform Server-Side Request Forgery (SSRF) attacks. Specifically, all versions of the Local Syndication plugin up to and including version 1.5a are affected. This flaw stems from the plugin’s use of wp_remote_get() instead of the more secure wp_safe_remote_get() function when handling the url parameter within the [syndicate_local] shortcode.

Technical Details
The vulnerability resides in the way the Local Syndication plugin handles user-supplied URLs within the [syndicate_local] shortcode. The insecure use of wp_remote_get() allows authenticated users, with Contributor-level…

Overview
CVE-2025-12961 is a medium-severity vulnerability affecting the Download Panel plugin for WordPress, versions up to and including 1.3.3. This flaw allows authenticated attackers with Subscriber-level access or higher to modify the plugin’s settings without proper authorization. Due to a missing capability check, malicious actors can manipulate display text, download links, button colors, and other visual customizations, potentially leading to phishing attacks or defacement of your website.

Technical Details
The vulnerability lies in the dlpn_save_settings() function, which is responsible for saving the Download Panel plugin’s settings. The issue arises because the wp_ajax_save_settings AJAX action, which triggers this function, lacks…

Overview
CVE-2025-12937 is a medium-severity vulnerability affecting the ACF Flexible Layouts Manager plugin for WordPress. Specifically, versions up to and including 1.1.6 are susceptible to unauthorized modification of data due to a missing capability check on the acf_flm_update_template_with_pasted_layout function. This flaw allows unauthenticated attackers to update custom field values on individual posts and pages, potentially leading to site defacement, data breaches, or other malicious activities.

Technical Details
The vulnerability lies within the acf_flm_update_template_with_pasted_layout function, which is designed to handle the pasting of layout templates. The core issue is the absence of a capability check before executing the update operation. This…

Overview
A critical Cross-Site Request Forgery (CSRF) vulnerability has been identified in the Top Friends plugin for WordPress. Designated as CVE-2025-12827, this flaw affects all versions up to and including 0.3. It allows unauthenticated attackers to potentially modify the plugin’s settings if they can trick a site administrator into performing an action, such as clicking a malicious link.

Technical Details
The vulnerability stems from the absence of proper nonce validation within the top_friends_options_subpanel() function of the Top Friends plugin. Nonce validation is a crucial security mechanism that prevents CSRF attacks by ensuring that requests originate from the legitimate user interface…

Overview
CVE-2025-12823 identifies a stored Cross-Site Scripting (XSS) vulnerability found in the CSV to SortTable WordPress plugin. This vulnerability affects all versions up to and including 4.2. It allows authenticated attackers, with Contributor-level access or higher, to inject malicious JavaScript code into pages using the ‘csv’ shortcode. This code executes whenever a user visits the compromised page.

Technical Details
The vulnerability stems from insufficient input sanitization and output escaping within the plugin’s ‘csv’ shortcode functionality. Specifically, user-supplied attributes passed to the shortcode are not properly validated before being rendered into the HTML output. An attacker can inject arbitrary HTML and…

Overview
A high-severity vulnerability, identified as CVE-2025-12775, has been discovered in the WP Dropzone plugin for WordPress. This vulnerability allows authenticated users, with Subscriber-level access and above, to upload arbitrary files to the affected server, potentially leading to remote code execution. This affects all versions up to and including 1.1.0 of the WP Dropzone plugin. Immediate action is recommended to mitigate this risk.

Technical Details
The vulnerability resides within the ajax_upload_handle function of the WP Dropzone plugin. Specifically, the chunked upload functionality writes files directly to the uploads directory before any file type validation is performed. This allows an attacker…

Overview
CVE-2025-12528 identifies a high-severity arbitrary file upload vulnerability found in the Pie Forms for WP plugin for WordPress. Affecting all versions up to and including 1.6, this vulnerability could allow unauthenticated attackers to upload malicious files, potentially leading to remote code execution (RCE) on the affected server. While exploiting this vulnerability requires some degree of predictability in the upload directory, the risk remains significant.

Technical Details
The vulnerability resides within the format_classic function of the plugin’s file upload handling mechanism. Specifically, the validate_classic method checks file extensions but does not adequately prevent the file upload process from proceeding even…