Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2025-24472 — Fortinet Fortiproxy: An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS 7.0.0 through 7.0.16 and FortiProxy 7.2.0 through 7.2.12, 7.0.0 through 7.0.19 may allow a remote unauthenticated attacker with prior knowledge of upstream and downstream devices serial numbers to gain super-admin privileges on the downstream device, if the Security Fabric is enabled, via crafted CSF proxy requests. CVSSv3.1 8.1 (HIGH) · EPSS 86th percentile
CVE-2025-0693: AWS IAM User Enumeration
Rhino Security Labs disclosed two username enumeration vulnerabilities in AWS IAM Console login. Finding 1 (MFA-enabled users) uses UI state divergence to confirm user existence; Finding 2 (CVE-2025-0693, non-MFA users) exploits a ~100ms timing difference in authentication validation. AWS patched CVE-2025-0693 but classified Finding 1 as an accepted risk.
CVE-2025-0181 — Foodbakery: The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation via account takeover
The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.8. This is due to the plugin not properly validating a user's identity prior to setting the current user and their authentication cookie. This makes it possible for unauthenticated attackers to gain access to a target user's (e.g. administrators) account. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-0180 — Foodbakery: The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation in all versions
The WP Foodbakery plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 4.7. This is due to the plugin not properly restricting what user meta can be updated during profile registration. This makes it possible for unauthenticated attackers to register on the site as an administrator. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-25167 — Blackandwhitedigital Bookpress: Missing Authorization vulnerability in Black and White BookPress – For Book Authors book-press allows
Missing Authorization vulnerability in Black and White BookPress – For Book Authors book-press allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BookPress – For Book Authors: from n/a through <= 1.2.7. CVSSv3.1 8.2 (HIGH)
CVE-2025-25151 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Stylemix uListing ulisting allows SQL Injection.This issue affects uListing: from n/a through <= 2.1.6. CVSSv3.1 8.5 (HIGH)
CVE-2025-25107 — Site: Cross-Site Request Forgery (CSRF) vulnerability in sainwp OneStore Sites onestore-sites allows Cross Site Request
Cross-Site Request Forgery (CSRF) vulnerability in sainwp OneStore Sites onestore-sites allows Cross Site Request Forgery.This issue affects OneStore Sites: from n/a through <= 0.1.1. CVSSv3.1 9.6 (CRITICAL)
CVE-2025-25106 — Site: Cross-Site Request Forgery (CSRF) vulnerability in FancyWP Starter Templates by FancyWP starter-templates allows Cross
Cross-Site Request Forgery (CSRF) vulnerability in FancyWP Starter Templates by FancyWP starter-templates allows Cross Site Request Forgery.This issue affects Starter Templates by FancyWP: from n/a through <= 2.0.0. CVSSv3.1 9.6 (CRITICAL)
CVE-2025-25101 — Site: Cross-Site Request Forgery (CSRF) vulnerability in MetricThemes Munk Sites munk-sites allows Cross Site Request
Cross-Site Request Forgery (CSRF) vulnerability in MetricThemes Munk Sites munk-sites allows Cross Site Request Forgery.This issue affects Munk Sites: from n/a through <= 1.0.7. CVSSv3.1 9.6 (CRITICAL)
CVE-2025-1026 — Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation due
Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method, which results in a Local File Inclusion allowing the attacker to read sensitive files. **Note:** This is a bypass of the fix for [CVE-2024-21549](https://security.snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-8533023). CVSSv3.1 8.6 (HIGH) · EPSS 37th percentile
CVE-2025-1022 — Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation in
Versions of the package spatie/browsershot before 5.0.5 are vulnerable to Improper Input Validation in the setHtml function, invoked by Browsershot::html(), which can be bypassed by omitting the slashes in the file URI (e.g., file:../../../../etc/passwd). This is due to missing validations of the user input that should be blocking file URI schemes (e.g., file:// and file:/) in the HTML content. CVSSv3.1 8.2 (HIGH) · EPSS 39th percentile
CVE-2025-24677 — Control: Improper Control of Generation of Code ('Code Injection') vulnerability in wpspin Post/Page Copying Tool
Improper Control of Generation of Code ('Code Injection') vulnerability in wpspin Post/Page Copying Tool postpage-import-export-with-custom-fields-taxonomies allows Remote Code Inclusion.This issue affects Post/Page Copying Tool: from n/a through <= 2.0.3. CVSSv3.1 9.9 (CRITICAL)
CVE-2025-22700 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler Code traveler-code.This issue affects Traveler Code: from n/a through < 3.1.3. CVSSv3.1 8.5 (HIGH)
CVE-2025-22699 — Neutralization: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in shinetheme Traveler Code traveler-code.This issue affects Traveler Code: from n/a through < 3.1.2. CVSSv3.1 9.0 (CRITICAL)
CVE-2025-1020 — Mozilla Firefox: Some of these bugs showed evidence of memory corruption and we presume that with
Memory safety bugs present in Firefox 134 and Thunderbird 134. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 135 and Thunderbird 135. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-1017 — Mozilla Firefox: Some of these bugs showed evidence of memory corruption and we presume that with
Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 128.6, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-1016 — Mozilla Firefox: Some of these bugs showed evidence of memory corruption and we presume that with
Memory safety bugs present in Firefox 134, Thunderbird 134, Firefox ESR 115.19, Firefox ESR 128.6, Thunderbird 115.19, and Thunderbird 128.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-1014 — Mozilla Firefox: Certificate length was not properly checked when added to a certificate store.
Certificate length was not properly checked when added to a certificate store. In practice only trusted data was processed. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135. CVSSv3.1 8.8 (HIGH)
CVE-2025-1011 — Mozilla Firefox: A bug in WebAssembly code generation could have lead to a crash.
A bug in WebAssembly code generation could have lead to a crash. It may have been possible for an attacker to leverage this to achieve code execution. This vulnerability was fixed in Firefox 135, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135. CVSSv3.1 8.8 (HIGH)
CVE-2025-1010 — Mozilla Firefox: An attacker could have caused a use-after-free via the Custom Highlight API, leading to
An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135. CVSSv3.1 8.8 (HIGH)
CVE-2025-1009 — Mozilla Firefox: An attacker could have caused a use-after-free via crafted XSLT data, leading to a
An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. This vulnerability was fixed in Firefox 135, Firefox ESR 115.20, Firefox ESR 128.7, Thunderbird 128.7, and Thunderbird 135. CVSSv3.1 9.8 (CRITICAL)
CVE-2025-24661 — Deserialization: of Untrusted Data vulnerability in magepeopleteam Taxi Booking Manager for WooCommerce ecab-taxi-booking-manager allows
Deserialization of Untrusted Data vulnerability in magepeopleteam Taxi Booking Manager for WooCommerce ecab-taxi-booking-manager allows Object Injection.This issue affects Taxi Booking Manager for WooCommerce: from n/a through <= 1.1.8. CVSSv3.1 8.8 (HIGH)
CVE-2025-0366 — Artbees Jupiter_x_core: The Jupiter X Core plugin for WordPress is vulnerable to Local File Inclusion to
The Jupiter X Core plugin for WordPress is vulnerable to Local File Inclusion to Remote Code Execution in all versions up to, and including, 4.8.7 via the get_svg() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution. In this s CVSSv3.1 8.8 (HIGH)
CVE-2024-13767 — Live2DWebCanvas: The Live2DWebCanvas plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient
The Live2DWebCanvas plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ClearFiles() function in all versions up to, and including, 1.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). CVSSv3.1 8.1 (HIGH)
CVE-2024-13742 — Icontrolwp Icontrolwp: The iControlWP – Multiple WordPress Site Manager plugin for WordPress is vulnerable to PHP
The iControlWP – Multiple WordPress Site Manager plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.4.5 via deserialization of untrusted input from the reqpars parameter. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. I CVSSv3.1 9.8 (CRITICAL)