February 3, 2025
Severity
High
Analysis Summary
CVE-2025-24635 CVSS:7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paytm Paytm Payment Donation allows Reflected XSS. This issue affects Paytm Payment Donation: from n/a through 2.3.1.
CVE-2025-24710 CVSS:7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marcel Pol Gwolle Guestbook allows Reflected XSS. This issue affects Gwolle Guestbook: from n/a through 4.7.1.
CVE-2025-24718 CVSS:7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SWIT WP Sessions Time Monitoring Full Automatic allows Reflected XSS. This issue affects WP Sessions Time Monitoring Full Automatic: from n/a through 1.1.1.
CVE-2025-24608 CVSS:7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Milan Petrovic GD Mail Queue allows Reflected XSS. This issue affects GD Mail Queue: from n/a through 4.3.
CVE-2025-24632 CVSS:7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce allows Reflected XSS. This issue affects Advanced Dynamic Pricing for WooCommerce: from n/a through 4.9.0.
CVE-2025-24609 CVSS:7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PortOne PORTONE 우커머스 결제 allows Reflected XSS. This issue affects PORTONE 우커머스 결제: from n/a through 3.2.4.
CVE-2025-23980 CVSS:7.1
Cross-Site Request Forgery (CSRF) vulnerability in James Andrews Full Circle allows Stored XSS. This issue affects Full Circle: from n/a through 0.5.7.8.
CVE-2025-23978 CVSS:7.1
Cross-Site Request Forgery (CSRF) vulnerability in Ninos Ego FlashCounter allows Stored XSS. This issue affects FlashCounter: from n/a through 1.1.8.
CVE-2025-23977 CVSS:7.1
Cross-Site Request Forgery (CSRF) vulnerability in Bhaskar Dhote Post Carousel Slider allows Stored XSS. This issue affects Post Carousel Slider: from n/a through 2.0.1.
CVE-2025-24686 CVSS:7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss User Registration Forms RegistrationMagic allows Reflected XSS. This issue affects RegistrationMagic: from n/a through 6.0.3.3.
Impact
- Cross-Site Scripting
- Gain Access
Indicators of Compromise
CVE
CVE-2025-24635
CVE-2025-24710
CVE-2025-24718
CVE-2025-24608
CVE-2025-24632
CVE-2025-24609
CVE-2025-23980
CVE-2025-23978
CVE-2025-23977
CVE-2025-24686
Affected Vendors
- WordPress
Affected Products
- Paytm Paytm Payment Donation - n/a
- Marcel Pol Gwolle Guestbook - n/a
- SWIT WP Sessions Time Monitoring Full Automatic - n/a
- Milan Petrovic GD Mail Queue - n/a
- AlgolPlus Advanced Dynamic Pricing for WooCommerce - n/a
- PortOne PORTONE - n/a
- James Andrews Full Circle - n/a
- Ninos Ego FlashCounter - n/a
- Bhaskar Dhote Post Carousel Slider - n/a
- Metagauss User Registration Forms RegistrationMagic - n/a
Remediation
Update each affected WordPress plugin to the latest version available on the WordPress website.