Severity
High
Analysis Summary
CVE-2025-31049 CVSS:9.8
Deserialization of Untrusted Data vulnerability in themeton Dash allows Object Injection. This issue affects Dash: from n/a through 1.3.
CVE-2025-31056 CVSS:9.3
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Techspawn WhatsCart - Whatsapp Abandoned Cart Recovery, Order Notifications, Chat Box, OTP for WooCommerce allows SQL Injection. This issue affects WhatsCart - Whatsapp Abandoned Cart Recovery, Order Notifications, Chat Box, OTP for WooCommerce: from n/a through 1.1.0.
CVE-2025-31053 CVSS:7.7
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in quantumcloud KBx Pro Ultimate allows Path Traversal. This issue affects KBx Pro Ultimate: from n/a through 7.9.8.
Impact
- Data Manipulation
- Gain Access
Indicators of Compromise
CVE
- CVE-2025-31049
- CVE-2025-31056
- CVE-2025-31053
Affected Vendors
- WordPress
Affected Products
- themeton Dash - n/a
- quantumcloud KBx Pro Ultimate - n/a
Remediation
Update the affected WordPress plugins to the latest available versions.