Multiple WordPress Plugins Vulnerabilities
July 16, 2025
Severity
Medium
Analysis Summary
CVE-2025-53668 CVSS:6.5
Jenkins VAddy Plugin 1.2.8 and earlier stores Vaddy API Auth Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.
CVE-2025-53669 CVSS:4.3
Jenkins VAddy Plugin 1.2.8 and earlier does not mask Vaddy API Auth Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
CVE-2025-53667 CVSS:5.3
Jenkins Dead Man's Snitch Plugin 0.1 does not mask Dead Man's Snitch tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
CVE-2025-53666 CVSS:6.5
Jenkins Dead Man's Snitch Plugin 0.1 stores Dead Man's Snitch tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.
CVE-2025-53665 CVSS:4.3
Jenkins Apica Loadtest Plugin 1.10 and earlier does not mask Apica Loadtest LTP authentication tokens displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
CVE-2025-53664 CVSS:6.5
Jenkins Apica Loadtest Plugin 1.10 and earlier stores Apica Loadtest LTP authentication tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.
CVE-2025-53663 CVSS:6.5
Jenkins IBM Cloud DevOps Plugin 2.0.16 and earlier stores SonarQube authentication tokens unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.
CVE-2025-53662 CVSS:6.5
Jenkins IFTTT Build Notifier Plugin 1.2 and earlier stores IFTTT Maker Channel Keys unencrypted in job config.xml files on the Jenkins controller, where they can be viewed by users with Item/Extended Read permission or access to the Jenkins controller file system.
CVE-2025-53661 CVSS:4.3
Jenkins Testsigma Test Plan run Plugin 1.6 and earlier does not mask Testsigma API keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
CVE-2025-53660 CVSS:4.3
Jenkins QMetry Test Management Plugin 1.13 and earlier does not mask Qmetry Automation API Keys displayed on the job configuration form, increasing the potential for attackers to observe and capture them.
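As an added defender's check (not code from this advisory or from any of the Jenkins plugins above): a small Python audit that parses a job config.xml and flags secret-looking fields whose values are stored as plaintext rather than in Jenkins' braced `{…}` encrypted Secret form. The field-name patterns, the sample config.xml and the plugin class names in it are constructed assumptions, not taken from the affected plugins' sources.

```python
import re
from pathlib import Path
import xml.etree.ElementTree as ET

# Element names that plugin job steps commonly use for keys/tokens.
# Assumption: the affected plugins' real field names are not on the page.
SECRET_NAME_RE = re.compile(r"(apikey|api_key|authkey|token|secret|password)", re.I)

# Values written through hudson.util.Secret are persisted as "{<base64>}".
# Assumption based on Jenkins' Secret encoding; plaintext never looks like this.
ENCRYPTED_RE = re.compile(r"^\{[A-Za-z0-9+/=]+\}$")


def _walk(elem, path):
    """Yield (element, slash-separated path) for every descendant."""
    for child in elem:
        child_path = f"{path}/{child.tag}"
        yield child, child_path
        yield from _walk(child, child_path)


def find_plaintext_secrets(config_xml: str) -> list[tuple[str, str]]:
    """Return (path, value) for secret-looking fields not stored encrypted."""
    root = ET.fromstring(config_xml)
    findings = []
    for elem, path in _walk(root, root.tag):
        if not SECRET_NAME_RE.search(elem.tag):
            continue
        value = (elem.text or "").strip()
        if value and not ENCRYPTED_RE.match(value):
            findings.append((path, value))
    return findings


def scan_jobs_dir(jenkins_home: str) -> dict[str, list[tuple[str, str]]]:
    """Audit every jobs/*/config.xml under a Jenkins controller home."""
    results = {}
    for cfg in Path(jenkins_home).glob("jobs/*/config.xml"):
        hits = find_plaintext_secrets(cfg.read_text(encoding="utf-8"))
        if hits:
            results[str(cfg)] = hits
    return results


# Constructed sample: one plaintext key (bad) and one encrypted token (ok).
SAMPLE_CONFIG_XML = """<project>
  <publishers>
    <com.example.ExamplePlugin.Notifier>
      <apiAuthKey>example-plaintext-key</apiAuthKey>
      <serverUrl>https://example.invalid</serverUrl>
    </com.example.ExamplePlugin.Notifier>
    <com.example.OtherPlugin.Publisher>
      <token>{AQAAABAAAAAgbcd+EXAMPLE==}</token>
    </com.example.OtherPlugin.Publisher>
  </publishers>
</project>"""
```

Running `scan_jobs_dir` against a controller's home directory lists every job whose plugin configuration still carries an unencrypted key, which is the exposure the CVEs above describe and a quick way to confirm a plugin upgrade actually re-saved the values in encrypted form.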
Impact
- Information Disclosure
- Gain Access
- Privilege Escalation
Indicators of Compromise
CVE
- CVE-2025-53668
- CVE-2025-53669
- CVE-2025-53667
- CVE-2025-53666
- CVE-2025-53665
- CVE-2025-53664
- CVE-2025-53663
- CVE-2025-53662
- CVE-2025-53661
- CVE-2025-53660
Affected Vendors
- Jenkins
Affected Products
- Jenkins VAddy Plugin 1.2.8
- Jenkins Dead Man's Snitch Plugin 0.1
- Jenkins Apica Loadtest Plugin 1.10
- Jenkins IBM Cloud DevOps Plugin 2.0.16
- Jenkins IFTTT Build Notifier Plugin 1.2
- Jenkins Testsigma Test Plan run Plugin 1.6
- Jenkins QMetry Test Management Plugin 1.13
Remediation
Refer to the Jenkins website for patch, upgrade, or suggested workaround information.