Severity
Medium
Analysis Summary
CVE-2025-57932 CVSS:6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Diego Pereira PowerFolio allows Stored XSS. This issue affects PowerFolio: from n/a through 3.2.1.
CVE-2025-57987 CVSS:5.3
Missing Authorization vulnerability in ThimPress WP Events Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Events Manager: from n/a through 2.2.1.
Impact
- Cross-Site Scripting
- Gain Access
Indicators of Compromise
CVE
CVE-2025-57932
CVE-2025-57987
Affected Vendors
- WordPress
Affected Products
- Diego Pereira PowerFolio
- ThimPress WP Events Manager
Remediation
Update the affected WordPress plugins (PowerFolio and WP Events Manager) to the latest available versions.