Multiple WordPress Plugins Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2025-32212 CVSS:6.5

Missing Authorization vulnerability in Specia Theme Specia Companion allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Specia Companion: from n/a through 4.6.

CVE-2025-32210 CVSS:6.5

CM Registration and Invitation Codes Plugin for WordPress could allow a remote attacker to bypass security restrictions, caused by missing authorization vulnerability.

CVE-2025-32208 CVSS:6.5

Missing Authorization vulnerability in Hive Support Hive Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hive Support: from n/a through 1.2.2.

Impact

Security Bypass

Indicators of Compromise

CVE

CVE-2025-32212
CVE-2025-32210
CVE-2025-32208

Affected Vendors

WordPress

Affected Products

WordPress Specia Companion Plugin for WordPress 4.6
WordPress CM Registration and Invitation Codes Plugin for WordPress 2.5.2
WordPress Hive Support Plugin for WordPress 1.2.2

Remediation

Upgrade to the latest version for WordPress, available from the WordPress Plugin Directory.

CVE-2025-32212

CVE-2025-32210

CVE-2025-32208

Multiple Microsoft AutoUpdate Vulnerabilities

CISA Issues Alert on Active Exploitation of SonicWall Command Injection Vulnerability

Multiple WordPress Plugins Vulnerabilities

Severity

Medium

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan