Severity
High
Analysis Summary
CVE-2025-22337 CVSS:7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infosoft Consultant Order Audit Log for WooCommerce allows Reflected XSS. This issue affects Order Audit Log for WooCommerce: from n/a through 2.0.
CVE-2025-22344 CVSS:7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Convoy Media Category Library allows Reflected XSS. This issue affects Media Category Library: from n/a through 2.7.
CVE-2025-22498 CVSS:7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in New Normal LLC LucidLMS allows Reflected XSS. This issue affects LucidLMS: from n/a through 1.0.5.
CVE-2025-22506 CVSS:7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SmartAgenda Smart Agenda allows Stored XSS. This issue affects Smart Agenda: from n/a through 4.7.
CVE-2025-22499 CVSS:7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FAKTOR VIER F4 Post Tree allows Reflected XSS. This issue affects F4 Post Tree: from n/a through 1.1.18.
CVE-2025-22514 CVSS:7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yamna Tatheer KNR Author List Widget allows Reflected XSS. This issue affects KNR Author List Widget: from n/a through 3.1.1.
CVE-2025-22583 CVSS:7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anshul Sojatia Scan External Links allows Reflected XSS. This issue affects Scan External Links: from n/a through 1.0.
CVE-2025-22588 CVSS:7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scanventory.net Scanventory allows Reflected XSS. This issue affects Scanventory: from n/a through 1.1.3.
Impact
- Cross-Site Scripting
Indicators of Compromise
CVE
CVE-2025-22337
CVE-2025-22344
CVE-2025-22498
CVE-2025-22506
CVE-2025-22499
CVE-2025-22514
CVE-2025-22583
CVE-2025-22588
Affected Vendors
- WordPress
Affected Products
- Infosoft Consultant Order Audit Log for WooCommerce - n/a
- Convoy Media Category Library - n/a
- SmartAgenda Smart Agenda - n/a
- FAKTOR VIER F4 Post Tree - n/a
- Yamna Tatheer KNR Author List Widget - n/a
- Anshul Sojatia Scan External Links - n/a
- New Normal LLC LucidLMS - n/a
- Scanventory.net Scanventory - n/a
Remediation
Upgrade to the latest version of the plugin for WordPress, available from the WordPress Plugin Directory.