May 13, 2025
Severity
Medium
Analysis Summary
CVE-2025-47462 CVSS:8.8
Cross-Site Request Forgery (CSRF) vulnerability in Ohidul Islam Challan allows Privilege Escalation. This issue affects Challan: from n/a through 3.7.58.
CVE-2025-47460 CVSS:7.6
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TrackShip TrackShip for WooCommerce allows SQL Injection. This issue affects TrackShip for WooCommerce: from n/a through 1.9.1.
Impact
- Privilege Escalation
- Data Manipulation
Indicators of Compromise
CVE
- CVE-2025-47462
- CVE-2025-47460
Affected Vendors
- WordPress
Affected Products
- Ohidul Islam Challan - n/a
- TrackShip TrackShip for WooCommerce - n/a
Remediation
Update the affected WordPress plugins (Challan and TrackShip for WooCommerce) to the latest available version.