Severity
Medium
Analysis Summary
CVE-2025-3952 CVSS:8.1
Projectopia Plugin for WordPress is vulnerable to a denial of service, caused by a missing capability check on the 'pto_remove_logo' function. By sending a specially crafted request, a remote attacker could exploit this vulnerability to delete arbitrary option values, leading to a denial of service.
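As an added illustration of the missing capability check described for CVE-2025-3952 (not Projectopia's code and not part of the original advisory), the PHP below shows an option-deleting request handler without and with authorization. It assumes the handler is registered as a WordPress AJAX action; the function names, action name, nonce name and option key are hypothetical.

```php
<?php
// Added example. All names below are hypothetical, not taken from the plugin.

// Allowlist of option keys this endpoint may delete (constructed value).
const EXAMPLE_REMOVABLE_OPTIONS = array( 'example_company_logo' );

// Weak pattern: no capability check, and the option name is taken from the
// request, so any user who can reach the action can delete any site option.
function example_remove_logo_unchecked() {
    $option = sanitize_key( wp_unslash( $_POST['option'] ?? '' ) );
    delete_option( $option );
    wp_send_json_success();
}

// Hardened pattern: verify intent (nonce), verify privilege (capability),
// and restrict the deletable keys to a fixed allowlist.
function example_remove_logo_checked() {
    // Ends the request if the nonce is missing or invalid.
    check_ajax_referer( 'example_remove_logo', 'nonce' );

    // Only administrators may change site-wide options.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    $option = sanitize_key( wp_unslash( $_POST['option'] ?? '' ) );

    // Never pass a request-supplied name to delete_option() unfiltered.
    if ( ! in_array( $option, EXAMPLE_REMOVABLE_OPTIONS, true ) ) {
        wp_send_json_error( array( 'message' => 'Unknown option' ), 400 );
    }

    delete_option( $option );
    wp_send_json_success();
}

// Register only the checked handler, and only for logged-in users
// (no wp_ajax_nopriv_ hook).
add_action( 'wp_ajax_example_remove_logo', 'example_remove_logo_checked' );
```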
CVE-2025-39413 CVSS:4.3
Simple Sitemap Plugin for WordPress could allow a remote authenticated attacker to bypass security restrictions, due to a missing authorization vulnerability.
Impact
- Denial of Service
- Security Bypass
Indicators of Compromise
CVE
CVE-2025-3952
CVE-2025-39413
Affected Vendors
- WordPress
Affected Products
- Projectopia Plugin for WordPress 5.1.16
- Simple Sitemap Plugin for WordPress 3.5.14
Remediation
Update to the latest version available from the WordPress Plugin Directory.

