Multiple Critical Vulnerabilities in WordPress Plugins (CVE-2025-1093, CVE-2025-39461, CVE-2025-39551, CVE-2025-39467, CVE-2025-39470, CVE-2025-39526, CVE-2025-39550, CVE-2025-39458)

Published: Apr 26, 2025 23:28

Advisory No: TZCERT-SA-25-0089

Source: Wordfence

Software Affected: aihub, docket-cache, fluent-boards, wanderland, ivy-school, nd-booking, fluent-community, foton

Overview

Several WordPress plugins contain critical vulnerabilities. Exploitation of these vulnerabilities may allow an unauthenticated attacker to execute arbitrary code.

Description

WordPress plugins aihub, docket-cache, fluent-boards, wanderland, ivy-school, nd-booking, fluent-community, and foton are affected by the vulnerabilities tracked as CVE-2025-1093, CVE-2025-39461, CVE-2025-39551, CVE-2025-39467, CVE-2025-39470, CVE-2025-39526, CVE-2025-39550, and CVE-2025-39458 with CVSS scores of 9.8 each. The plugins are vulnerable due to missing file type validation in the generate_image function, Local File Inclusion, and deserialization of untrusted input. The vulnerabilities allow unauthenticated attackers to bypass access controls, obtain sensitive data, or achieve code execution.

Impact

Successful exploitation of these vulnerabilities may allow attackers to take control of the affected system.

Solution

WordPress has released security patches for these vulnerabilities. Users and administrators are encouraged to apply the necessary updates.
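To find which installations need those updates, the following added example (not code from TZ-CERT, Wordfence or any of the listed projects) scans a WordPress root for the slugs named under "Software Affected" and reports each installed version header. It assumes the standard `wp-content/plugins` layout and, as an assumption beyond the advisory, also checks `wp-content/themes`; the version strings in the sample tree are constructed, and since the advisory gives no patched version numbers, results must be compared against each vendor's changelog.

```python
import re
import tempfile
from pathlib import Path

# Slugs listed under "Software Affected" in this advisory.
AFFECTED = {"aihub", "docket-cache", "fluent-boards", "wanderland",
            "ivy-school", "nd-booking", "fluent-community", "foton"}

# WordPress reads "Version:" from the header comment of a plugin's PHP file
# or a theme's style.css (only the first 8 KiB of the file is examined).
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:\s*(\S+)", re.I | re.M)

def read_version(component_dir):
    """Return the first Version header found in the component, else None."""
    candidates = [component_dir / "style.css", *sorted(component_dir.glob("*.php"))]
    for f in candidates:
        if f.is_file():
            m = VERSION_RE.search(f.read_text(encoding="utf-8", errors="replace")[:8192])
            if m:
                return m.group(1)
    return None

def find_affected(wp_root):
    """List (kind, slug, version) for advisory slugs installed under wp_root."""
    hits = []
    for kind in ("plugins", "themes"):  # "themes" is an assumption, see lead-in
        base = Path(wp_root) / "wp-content" / kind
        if not base.is_dir():
            continue
        for d in sorted(base.iterdir()):
            if d.is_dir() and d.name.lower() in AFFECTED:
                hits.append((kind, d.name, read_version(d)))
    return hits

def demo():
    """Build a constructed WordPress tree (sample data) and scan it."""
    with tempfile.TemporaryDirectory() as root:
        p = Path(root, "wp-content", "plugins", "docket-cache")
        p.mkdir(parents=True)
        (p / "docket-cache.php").write_text("<?php\n/*\n * Plugin Name: Sample\n * Version: 0.0.0-sample\n */\n")
        t = Path(root, "wp-content", "themes", "foton")
        t.mkdir(parents=True)
        (t / "style.css").write_text("/*\nTheme Name: Sample\nVersion: 0.0.0-sample\n*/\n")
        Path(root, "wp-content", "plugins", "unlisted-sample").mkdir()
        return find_affected(root)

if __name__ == "__main__":
    for hit in demo():
        print(*hit)
```

On a real host, call `find_affected("/path/to/wordpress")` for each document root; a hit with version `None` means the directory exists but no header could be read and should be inspected manually.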
