Multiple WordPress Plugins Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2025-57932 CVSS:6.5

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Diego Pereira PowerFolio allows Stored XSS. This issue affects PowerFolio: from n/a through 3.2.1.

CVE-2025-57987 CVSS:5.3

Missing Authorization vulnerability in ThimPress WP Events Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Events Manager: from n/a through 2.2.1.

Impact

Cross-Site Scripting
Gain Access

Indicators of Compromise

CVE

CVE-2025-57932
CVE-2025-57987

Affected Vendors

WordPress

Affected Products

Diego Pereira PowerFolio
ThimPress WP Events Manager

Remediation

Update the WordPress plugin to the latest available version.

CVE-2025-57932

CVE-2025-57987

Cisco IOS/XE Flaw Enables Remote Auth Bypass and Data Theft

Up to 2 Million Cisco Devices Hit by Actively Exploited Zero-Day

Multiple WordPress Plugins Vulnerabilities

Severity

Medium

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan