• Cybersecurity Vulnerabilities

    Urgent Security Alert: Critical Privilege Escalation Vulnerability in FindAll Listing WordPress Plugin (CVE-2025-13538)

    Overview: A critical security vulnerability, identified as CVE-2025-13538, has been discovered in the FindAll Listing plugin for WordPress. This vulnerability allows unauthenticated attackers to escalate their privileges to administrator level, potentially compromising the entire website. This affects all versions up to, and including, 1.0.5. Crucially, this vulnerability is only exploitable when the FindAll Membership plugin is also active. Technical Details: The vulnerability stems from the findall_listing_user_registration_additional_params function within the FindAll Listing plugin. This function fails to properly restrict the user roles that can be assigned during user registration. An attacker can exploit this by submitting the ‘administrator’ role during the…

    CVE-2025-12758: Critical Unicode Length Vulnerability in Validator.js – Update Immediately!

    Overview: CVE-2025-12758 is a high-severity vulnerability affecting versions of the popular JavaScript package validator before 13.15.22. This vulnerability stems from an incomplete filtering of Unicode variation selectors within the isLength() function, leading to inaccurate string length calculations. This can allow attackers to bypass length-based input validation, potentially causing significant security issues in applications using the affected versions of the library. Technical Details: The isLength() function in vulnerable versions of validator.js fails to correctly account for Unicode variation selectors (specifically \uFE0F and \uFE0E). These selectors are used to specify the desired visual representation of a character. The vulnerability arises because the…

    Simple Folio Plugin: Critical XSS Vulnerability Threatens WordPress Sites (CVE-2025-12151)

    Overview: This article provides a detailed analysis of CVE-2025-12151, a Stored Cross-Site Scripting (XSS) vulnerability discovered in the Simple Folio WordPress plugin. This vulnerability affects all versions up to and including 1.1.0. Exploitation allows authenticated attackers with Subscriber-level access or higher to inject malicious JavaScript code into the plugin’s portfolio entries. This code then executes in the browsers of other users who view the infected pages, potentially leading to account compromise, data theft, or website defacement. Technical Details: The vulnerability resides in the lack of proper input sanitization and output escaping of the portfolio_name parameter. Specifically, when a user creates…

    CVE-2025-66314: Critical Privilege Escalation Found in ZTE ElasticNet UME R32

    Published: 2025-11-27. Overview: CVE-2025-66314 is a high-severity vulnerability affecting ZTE ElasticNet UME R32, specifically version ElasticNet_UME_R32_V16.23.20.04. This vulnerability stems from improper privilege management, allowing attackers to access functionality that is not adequately constrained by Access Control Lists (ACLs). This can lead to unauthorized actions and potential compromise of the system. Technical Details: The vulnerability resides in the way ZTE ElasticNet UME R32 handles user privileges. Due to insufficient ACL enforcement, an attacker with low-level access may be able to exploit specific functionalities and gain access to higher-level operations or sensitive data. The flaw allows bypassing intended security restrictions and performing…

    CVE-2025-34351: Critical Vulnerability in Anyscale Ray Exposes Clusters to Remote Code Execution

    Overview: CVE-2025-34351 is a critical vulnerability affecting Anyscale Ray version 2.52.0. This vulnerability stems from an insecure default configuration where token-based authentication for Ray management interfaces, including the dashboard and Jobs API, is disabled. Without proper authentication, a remote attacker with network access can submit jobs and execute arbitrary code on the Ray cluster. Technical Details: Anyscale Ray is a popular framework for scaling AI and Python applications. In version 2.52.0, the default configuration does not enforce token-based authentication. Unless the `RAY_AUTH_MODE` environment variable is explicitly set to `token`, the management interfaces are left exposed and unauthenticated. This lack of…

    CVE-2025-13762: Secure Your Browsing – Denial of Service Found in CyberArk Secure Web Sessions Extension

    Overview: CVE-2025-13762 describes an Improper Input Validation vulnerability affecting the CyberArk Secure Web Sessions Extension for Chrome and Edge browsers. This vulnerability can lead to a Denial of Service (DoS) condition when attempting to start new SWS sessions. The issue has been identified in versions prior to 2.2.30305. Technical Details: The vulnerability stems from insufficient validation of user-supplied input during the initiation of new Secure Web Sessions (SWS). An attacker could potentially exploit this by providing crafted input that causes the extension to crash or become unresponsive, effectively denying service to legitimate users. While the exact nature of the improper…

    CVE-2025-12713: Critical Stored XSS Found in WordPress Soundslides Plugin

    Overview: CVE-2025-12713 describes a Stored Cross-Site Scripting (XSS) vulnerability found in the Soundslides plugin for WordPress. This vulnerability affects all versions of the plugin up to and including version 1.4.2. It allows authenticated attackers with Contributor-level access or higher to inject malicious JavaScript code into pages or posts using the soundslides shortcode. When a user visits the page containing the injected script, the script will execute in their browser, potentially leading to account compromise or other malicious actions. Technical Details: The vulnerability stems from insufficient input sanitization and output escaping when handling user-supplied attributes within the soundslides shortcode. Specifically, the…

    CVE-2025-12712: Shouty WordPress Plugin Exposed to Stored XSS Attacks

    Overview: CVE-2025-12712 details a Stored Cross-Site Scripting (XSS) vulnerability found in the Shouty plugin for WordPress. This vulnerability affects all versions of the plugin up to and including 0.2.1. It allows authenticated attackers with Contributor-level access or higher to inject malicious JavaScript code into WordPress pages. This code executes whenever a user views the affected page, potentially leading to account compromise, data theft, or website defacement. Technical Details: The vulnerability stems from insufficient input sanitization and output escaping on user-supplied attributes within the shouty shortcode. Specifically, when the plugin processes the shouty shortcode, it fails to properly sanitize and escape…

    wp-twitpic Plugin Under Attack: CVE-2025-12670 Exposes WordPress Sites to XSS

    Overview: CVE-2025-12670 identifies a Stored Cross-Site Scripting (XSS) vulnerability affecting the wp-twitpic WordPress plugin. This vulnerability resides in versions 1.0 and earlier. It allows authenticated attackers with Contributor-level access or higher to inject malicious JavaScript code into pages through the plugin’s shortcode functionality. When a user visits a page containing the injected script, the script executes, potentially leading to account compromise, data theft, or other malicious activities. Technical Details: The wp-twitpic plugin utilizes a shortcode, [twitpic], to embed images from Twitpic (although Twitpic is no longer active, the plugin continues to function and process the shortcode). The vulnerability stems from…

    Urgent: Stored XSS Threat in Google Drive WordPress Plugin – CVE-2025-12666

    Overview: This article details a critical security vulnerability, identified as CVE-2025-12666, affecting the “Google Drive Upload and Download Link” WordPress plugin. This vulnerability is a Stored Cross-Site Scripting (XSS) flaw that could allow attackers to inject malicious JavaScript code into your website. This code can then execute in the browsers of other users who visit the affected pages, potentially leading to data theft, account compromise, or website defacement. All versions of the plugin up to and including 1.0 are affected. Technical Details: The vulnerability lies within the ‘atachfilegoogle’ shortcode of the plugin. Specifically, the ‘link’ parameter is not properly sanitized…