Overview
CVE-2025-12712 details a Stored Cross-Site Scripting (XSS) vulnerability found in the Shouty plugin for WordPress. This vulnerability affects all versions of the plugin up to and including 0.2.1. It allows authenticated attackers with Contributor-level access or higher to inject malicious JavaScript code into WordPress pages. This code executes whenever a user views the affected page, potentially leading to account compromise, data theft, or website defacement.
Technical Details
The vulnerability stems from insufficient input sanitization and output escaping on user-supplied attributes within the shouty shortcode. Specifically, when the plugin processes the shouty shortcode, it fails to properly sanitize and escape…
Overview
CVE-2025-12670 identifies a Stored Cross-Site Scripting (XSS) vulnerability affecting the wp-twitpic WordPress plugin. This vulnerability resides in versions 1.0 and earlier. It allows authenticated attackers with Contributor-level access or higher to inject malicious JavaScript code into pages through the plugin’s shortcode functionality. When a user visits a page containing the injected script, the script executes, potentially leading to account compromise, data theft, or other malicious activities.
Technical Details
The wp-twitpic plugin utilizes a shortcode, [twitpic], to embed images from Twitpic (although Twitpic is no longer active, the plugin continues to function and process the shortcode). The vulnerability stems from…
Overview
This article details a critical security vulnerability, identified as CVE-2025-12666, affecting the “Google Drive Upload and Download Link” WordPress plugin. This vulnerability is a Stored Cross-Site Scripting (XSS) flaw that could allow attackers to inject malicious JavaScript code into your website. This code can then execute in the browsers of other users who visit the affected pages, potentially leading to data theft, account compromise, or website defacement. All versions of the plugin up to and including 1.0 are affected.
Technical Details
The vulnerability lies within the ‘atachfilegoogle’ shortcode of the plugin. Specifically, the ‘link’ parameter is not properly sanitized…
Overview
A Stored Cross-Site Scripting (XSS) vulnerability has been identified in the SortTable Post plugin for WordPress, tracked as CVE-2025-12649. This vulnerability affects all versions of the plugin up to and including 4.2. Exploitation of this flaw allows authenticated attackers with Contributor-level access or higher to inject malicious JavaScript code into WordPress pages. This code executes in a user’s browser upon interaction with the injected page.
Technical Details
The vulnerability stems from insufficient input sanitization and output escaping of the id parameter within the sorttablepost shortcode. Specifically, the plugin fails to properly sanitize the ‘id’ attribute provided by users when…
Overview
CVE-2025-12579 identifies a security vulnerability within the Reuters Direct WordPress plugin. This vulnerability allows unauthenticated attackers to reset the plugin’s settings, potentially leading to unauthorized modification of data and disruption of service. The vulnerability affects all versions of the plugin up to and including version 3.0.0.
Technical Details
The root cause of this vulnerability is a missing capability check on the ‘logoff’ action. The plugin lacks proper authorization checks, allowing anyone, even unauthenticated users, to trigger the ‘logoff’ function. This function, when executed, resets the plugin’s configuration to its default state, which can include sensitive settings and API keys…
Overview
CVE-2025-12578 is a Cross-Site Request Forgery (CSRF) vulnerability affecting the Reuters Direct plugin for WordPress, versions 3.0.0 and below. This vulnerability allows unauthenticated attackers to potentially reset the plugin’s settings by tricking a logged-in administrator into performing an unintended action, such as clicking on a malicious link.
Technical Details
The vulnerability stems from missing or inadequate nonce validation within the class-reuters-direct-settings.php file. WordPress uses nonces (Numbers used Once) as a security token to prevent CSRF attacks. Without proper nonce validation, an attacker can craft a malicious request that, when executed by an authenticated administrator, will modify the plugin’s settings.…
Overview
CVE-2025-0658 describes a significant vulnerability affecting Automated Logic and Carrier Zone Controllers. This vulnerability, exploitable through the BACnet protocol, can cause affected devices to crash. The device enters a fault state, and a subsequent packet after a reset can render the device permanently unresponsive, requiring a manual power cycle to restore functionality. This vulnerability poses a serious risk to building automation systems and critical infrastructure reliant on these controllers.
Technical Details
The vulnerability resides in the handling of malformed or specifically crafted BACnet packets. While the exact nature of the packet is not publicly available in this initial disclosure,…
Overview
CVE-2025-0657 identifies a vulnerability affecting Automated Logic and Carrier i-Vu Gen5 routers running driver version drv_gen5_106-01-2380. This flaw allows attackers to send malformed packets through the BACnet MS/TP network, causing the affected devices to enter a fault state, effectively leading to a denial-of-service (DoS) condition. Recovery requires a manual power cycle, significantly impacting network visibility and control.
Technical Details
The vulnerability stems from improper handling of malformed BACnet MS/TP packets by the router’s firmware. Specifically, when a specially crafted packet is received, the device fails to process it correctly, leading to a system error that results in the device…
Overview
CVE-2024-5540 describes a reflective cross-site scripting (XSS) vulnerability affecting ALC WebCTRL and Carrier i-Vu building automation systems in versions older than 8.0. This vulnerability resides within the login panels of these systems. Successful exploitation could allow a malicious actor to compromise the client browser of a user accessing the affected login page. This could lead to session hijacking, credential theft, or other malicious activities.
Technical Details
The vulnerability is a reflective XSS, meaning the malicious script is embedded within a crafted URL. When a user clicks on this malicious link and visits the vulnerable login page, the script is…
Overview
CVE-2024-5539 describes an Access Control Bypass vulnerability identified in ALC WebCTRL and Carrier i-Vu. This vulnerability affects versions up to and including 8.5. A successful exploit could allow an attacker to bypass intended access restrictions within the web-based building automation server, potentially leading to the exposure of sensitive information and unauthorized control of building systems.
Technical Details
The vulnerability resides in the web application component of ALC WebCTRL and Carrier i-Vu. While specific technical details regarding the vulnerability’s root cause are not publicly available, the nature of an “Access Control Bypass” suggests a flaw in the application’s authentication or…