Request a Demo
Rewterz
Azure and Power Apps Flaws Allow Privilege Escalation Attacks
July 4, 2025
Rewterz
Microsoft and DocuSign Targeted in PDF Phishing Campaign
July 4, 2025

Multiple WordPress Plugins Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2025-23968 CVSS:9.1

Unrestricted Upload of File with Dangerous Type vulnerability in WPCenter AiBud WP allows Upload a Web Shell to a Web Server. This issue affects AiBud WP: from n/a through 1.8.5.

CVE-2025-3702 CVSS:5.4

Missing Authorization vulnerability in Melapress Melapress File Monitor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Melapress File Monitor: from n/a before 2.2.0.

CVE-2025-49032 CVSS:6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PublishPress Gutenberg Blocks allows Stored XSS. This issue affects Gutenberg Blocks: from n/a through 3.3.1.

Impact

  • Code Execution
  • Gain Access
  • Cross-Site Scripting

Indicators of Compromise

CVE

  • CVE-2025-23968

  • CVE-2025-3702

  • CVE-2025-49032

Affected Vendors

  • WordPress

Affected Products

  • Melapress Melapress File Monitor
  • WPCenter AiBud WP 1.8.5
  • PublishPress Gutenberg Blocks 3.3.1

Remediation

Refer to WordPress Website for patch, upgrade, or suggested workaround information.

CVE-2025-23968 

CVE-2025-3702

CVE-2025-49032