Overview
A stored cross-site scripting (XSS) vulnerability has been identified in the SortTable Post plugin for WordPress, tracked as CVE-2025-12649. It affects all versions of the plugin up to and including 4.2. Exploitation allows authenticated attackers with Contributor-level access or higher to inject arbitrary JavaScript into WordPress pages; because the payload is stored, it executes in the browser of any user who views the injected page.
Technical Details
The vulnerability stems from insufficient input sanitization and output escaping of the id attribute of the sorttablepost shortcode. Specifically, the plugin fails to properly sanitize the ‘id’ attribute provided by users when…
-
Overview
CVE-2025-12579 identifies a missing-authorization vulnerability in the Reuters Direct WordPress plugin. It allows unauthenticated attackers to reset the plugin’s settings, which can lead to unauthorized modification of data and disruption of service. All versions of the plugin up to and including 3.0.0 are affected.
Technical Details
The root cause is a missing capability check on the ‘logoff’ action. Because the plugin never verifies the caller’s capabilities before handling the action, anyone, including unauthenticated users, can trigger the ‘logoff’ function. When executed, it resets the plugin’s configuration to its default state, which can include sensitive settings and API keys…
-
Overview
CVE-2025-12578 is a cross-site request forgery (CSRF) vulnerability affecting the Reuters Direct plugin for WordPress, versions 3.0.0 and below. It allows unauthenticated attackers to reset the plugin’s settings by tricking a logged-in administrator into performing an unintended action, for example by clicking a malicious link.
Technical Details
The vulnerability stems from missing or inadequate nonce validation in the class-reuters-direct-settings.php file. WordPress uses nonces as anti-CSRF tokens (despite the name, a WordPress nonce is a time-limited keyed hash tied to the user and action, not a true number used once). Without nonce validation, an attacker can craft a request that, when issued by an authenticated administrator’s browser, modifies the plugin’s settings.…
-
Overview
CVE-2025-0658 describes a denial-of-service vulnerability affecting Automated Logic and Carrier zone controllers. Exploitable over the BACnet protocol, it can cause affected devices to crash: the device enters a fault state, and a further packet sent after the device resets can leave it unresponsive until it is manually power cycled. This poses a serious risk to building automation systems and critical infrastructure that rely on these controllers.
Technical Details
The vulnerability lies in the handling of malformed or specially crafted BACnet packets. While the exact nature of the packet is not publicly available in this initial disclosure,…
-
Overview
CVE-2025-0657 identifies a vulnerability affecting Automated Logic and Carrier i-Vu Gen5 routers running driver version drv_gen5_106-01-2380. An attacker on the BACnet MS/TP network can send malformed packets that cause affected devices to enter a fault state, resulting in a denial-of-service (DoS) condition. Recovery requires a manual power cycle, so network visibility and control are lost until an operator intervenes.
Technical Details
The vulnerability stems from improper handling of malformed BACnet MS/TP packets by the router’s firmware. When a specially crafted packet is received, the device fails to process it correctly, leading to a system error that results in the device…
-
Overview
CVE-2024-5540 describes a reflected cross-site scripting (XSS) vulnerability affecting ALC WebCTRL and Carrier i-Vu building automation systems in versions older than 8.0. The flaw resides in the login panels of these systems. Successful exploitation allows an attacker to run script in the browser of a user who opens the affected login page, which can lead to session hijacking, credential theft, or other malicious activity.
Technical Details
The vulnerability is a reflected XSS, meaning the malicious script is carried in a crafted URL rather than stored on the server. When a user follows the malicious link to the vulnerable login page, the script is…
-
Overview
CVE-2024-5539 describes an access control bypass vulnerability in ALC WebCTRL and Carrier i-Vu, affecting versions up to and including 8.5. A successful exploit could allow an attacker to bypass intended access restrictions in the web-based building automation server, potentially exposing sensitive information and allowing unauthorized control of building systems.
Technical Details
The vulnerability resides in the web application component of ALC WebCTRL and Carrier i-Vu. Specific details of the root cause are not publicly available; the “Access Control Bypass” classification indicates a flaw in the application’s authentication or…
-
Overview
This article details a cross-site scripting (XSS) vulnerability, CVE-2025-66040, in Spotipy, a popular Python library for the Spotify Web API. It affects applications that use Spotipy’s OAuth flow: the OAuth callback server reflects user-supplied data into its response without proper escaping, allowing JavaScript injection. Users are strongly advised to update to Spotipy version 2.25.2 or later.
Technical Details
The vulnerability stems from insufficient validation and escaping of the error parameter in the OAuth callback URL. When an error occurs during the OAuth authorization flow, Spotipy’s internal…
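The same output-escaping failure underlies both the reflected XSS in the WebCTRL/i-Vu login panel (CVE-2024-5540) and the Spotipy callback page (CVE-2025-66040): a URL parameter is echoed into HTML as markup. The following is an added example, not code from either project, written in JavaScript so the two renderings can be compared directly: a callback page that echoes the error query parameter, first concatenated raw and then escaped on output, with a check for tags the template never emitted. The page template and the payload are constructed for the example.

```javascript
// Added example, not Spotipy's or WebCTRL's code. The template, the
// expected tag list and PAYLOAD are constructed for this illustration.

// Minimal HTML entity escaping for text placed inside an element body.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, c => map[c]);
}

// Vulnerable: the decoded `error` parameter is concatenated into HTML as-is,
// so a crafted link makes the callback page run attacker-supplied script.
function renderCallbackVulnerable(query) {
  const err = new URLSearchParams(query).get('error');
  if (err !== null) {
    return `<html><body><h1>Authorization failed: ${err}</h1></body></html>`;
  }
  return `<html><body><h1>Authorization complete</h1></body></html>`;
}

// Fixed: the parameter is escaped at the point it enters the HTML, so the
// browser renders it as text and never as markup.
function renderCallbackFixed(query) {
  const err = new URLSearchParams(query).get('error');
  if (err !== null) {
    return `<html><body><h1>Authorization failed: ${escapeHtml(err)}</h1></body></html>`;
  }
  return `<html><body><h1>Authorization complete</h1></body></html>`;
}

// Detection helper: true when the response contains a tag name that the
// template itself does not produce (html, body, h1).
function hasInjectedMarkup(html) {
  const expected = ['html', 'body', 'h1'];
  const tags = [...html.matchAll(/<\/?([a-z][a-z0-9]*)/gi)].map(m => m[1].toLowerCase());
  return tags.some(t => !expected.includes(t));
}

// Constructed payload: an OAuth error string carrying a script tag.
const PAYLOAD = 'access_denied<script>alert(document.cookie)</script>';
const CRAFTED_QUERY = 'error=' + encodeURIComponent(PAYLOAD);
```

The check in hasInjectedMarkup is only a demonstration aid; the fix is the escaping in renderCallbackFixed, applied at output time regardless of what the parameter contains.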
-
Overview
CVE-2025-66035 is a vulnerability in Angular applications: the Cross-Site Request Forgery (XSRF) token used by Angular’s HTTP client is leaked when a request uses a protocol-relative URL (one starting with //). An attacker who obtains the token could use it to perform actions on behalf of legitimate users.
Technical Details
Angular’s HttpClient ships with built-in XSRF protection. The mechanism decides whether a request is cross-origin by checking whether its URL starts with a scheme (http:// or https://); any other URL is treated as same-origin. For same-origin requests (other than GET and HEAD), the XSRF token is automatically added in the X-XSRF-TOKEN…
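As an added example (not Angular’s source), here is the scheme-prefix heuristic the advisory describes next to an origin-resolving check, applied to a hypothetical page origin https://app.example and a constructed token value. It shows why a protocol-relative URL passes the heuristic and which host would receive the token.

```javascript
// Added example, not Angular's interceptor. PAGE_ORIGIN and XSRF_TOKEN are
// constructed values; the request URLs in demo() are hypothetical.
const PAGE_ORIGIN = 'https://app.example';
const XSRF_TOKEN = 'constructed-token-value';

// Heuristic the advisory describes: a URL is cross-origin only if it starts
// with http:// or https://. "//evil.example/..." starts with neither, so it is
// wrongly treated as same-origin.
function isSameOriginVulnerable(url) {
  const lc = url.toLowerCase();
  return !(lc.startsWith('http://') || lc.startsWith('https://'));
}

// Origin-based check: resolve the URL the way the browser will (relative to
// the page) and compare the resulting origin with the page origin. A
// protocol-relative URL resolves to the foreign host and is rejected.
function isSameOriginFixed(url, pageOrigin = PAGE_ORIGIN) {
  let target;
  try {
    target = new URL(url, pageOrigin);
  } catch {
    return false; // unparsable URL: never attach the token
  }
  return target.origin === new URL(pageOrigin).origin;
}

// Headers a client would attach to a request; the token is only ever added
// to non-GET/HEAD requests that the supplied check deems same-origin.
function buildHeaders(url, method, sameOriginCheck) {
  const headers = {};
  if (method === 'GET' || method === 'HEAD') return headers;
  if (sameOriginCheck(url)) headers['X-XSRF-TOKEN'] = XSRF_TOKEN;
  return headers;
}

// Side-by-side outcome for a few request URLs (hypothetical paths/hosts).
function demo() {
  const urls = [
    '/api/update',
    'https://app.example/api/update',
    '//evil.example/collect',
    'https://evil.example/collect',
  ];
  return urls.map(u => ({
    url: u,
    vulnerableSendsToken: 'X-XSRF-TOKEN' in buildHeaders(u, 'POST', isSameOriginVulnerable),
    fixedSendsToken: 'X-XSRF-TOKEN' in buildHeaders(u, 'POST', isSameOriginFixed),
  }));
}
```

Comparing resolved origins rather than string prefixes also covers scheme casing (HTTPS://) and other relative forms, which a prefix test cannot.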
-
Overview
CVE-2025-66031 describes a denial-of-service vulnerability in Forge (node-forge), a native JavaScript implementation of Transport Layer Security (TLS), affecting versions 1.3.1 and below. The issue is uncontrolled recursion in ASN.1 parsing: an unauthenticated remote attacker can supply a deeply nested ASN.1 structure, and when node-forge parses it the recursion is unbounded, exhausting the call stack and causing a denial of service (DoS).
Technical Details
The vulnerability lies in how node-forge handles ASN.1 (Abstract Syntax Notation One) structures, a standard for data serialization. Specifically, when parsing DER (Distinguished Encoding Rules)…
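As an added example, not node-forge’s parser: a minimal DER tag-length-value parser that enforces a nesting cap, together with a generator for the deeply nested SEQUENCE input the advisory describes. MAX_DEPTH is an assumed limit, and the parser handles only single-byte tags and definite lengths, which is enough to show where the bound must be checked.

```javascript
// Added example, not node-forge code. MAX_DEPTH is an assumed limit; the
// nested-SEQUENCE generator builds constructed test input.
const MAX_DEPTH = 32;

class DerDepthError extends Error {}

// Parse one TLV starting at `offset`. Constructed tags (bit 0x20) recurse into
// their contents; the depth check runs before any recursion so an attacker
// cannot push the parser's stack further than MAX_DEPTH frames.
function parseDer(buf, offset = 0, depth = 0) {
  if (depth > MAX_DEPTH) throw new DerDepthError(`nesting deeper than ${MAX_DEPTH} at offset ${offset}`);
  if (offset >= buf.length) throw new Error('truncated: no tag');
  const tag = buf[offset];
  if ((tag & 0x1f) === 0x1f) throw new Error('multi-byte tags not supported');
  let pos = offset + 1;
  if (pos >= buf.length) throw new Error('truncated: no length');
  let len = buf[pos++];
  if (len & 0x80) {
    const n = len & 0x7f;
    // 0x80 is the indefinite form, which DER forbids; cap length bytes at 4.
    if (n === 0 || n > 4) throw new Error('indefinite or oversized length not allowed in DER');
    if (pos + n > buf.length) throw new Error('truncated: length bytes');
    len = 0;
    for (let i = 0; i < n; i++) len = len * 256 + buf[pos++];
  }
  const end = pos + len;
  if (end > buf.length) throw new Error('truncated: value');
  const node = { tag, len, next: end };
  if (tag & 0x20) {
    node.children = [];
    let p = pos;
    while (p < end) {
      const child = parseDer(buf, p, depth + 1);
      node.children.push(child);
      p = child.next;
    }
  } else {
    node.value = buf.subarray(pos, end);
  }
  return node;
}

// DER length encoding (short form below 128, long form otherwise).
function encodeLength(len) {
  if (len < 0x80) return Buffer.from([len]);
  const bytes = [];
  for (let v = len; v > 0; v = Math.floor(v / 256)) bytes.unshift(v & 0xff);
  return Buffer.from([0x80 | bytes.length, ...bytes]);
}

// Wrap a payload (default: INTEGER 5) in `n` nested SEQUENCEs (tag 0x30):
// the shape that drives an uncapped recursive parser toward stack exhaustion.
function nestedSequences(n, payload = Buffer.from([0x02, 0x01, 0x05])) {
  let cur = payload;
  for (let i = 0; i < n; i++) {
    cur = Buffer.concat([Buffer.from([0x30]), encodeLength(cur.length), cur]);
  }
  return cur;
}

// Depth of a parsed tree (leaf = 0).
function treeDepth(node) {
  return node.children ? 1 + Math.max(0, ...node.children.map(treeDepth)) : 0;
}

// Classify an input as 'ok', 'too-deep' (bound hit) or 'malformed'.
function classify(buf) {
  try {
    parseDer(buf);
    return 'ok';
  } catch (e) {
    return e instanceof DerDepthError ? 'too-deep' : 'malformed';
  }
}
```

The bound is checked on entry to parseDer rather than after the loop, so the rejection happens at depth MAX_DEPTH + 1 with a bounded stack no matter how large the input is; an equivalent iterative parser with an explicit stack would remove the recursion entirely, at the cost of a less readable example.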