Severity
High
Analysis Summary
CVE-2025-22693 (CVSS 7.6)
SQL Injection (Improper Neutralization of Special Elements used in an SQL Command) in the Contest Gallery plugin by Contest Gallery. Affects all versions up to and including 25.1.0 (no lower bound is given).
CVE-2025-22691 (CVSS 7.6)
SQL Injection (Improper Neutralization of Special Elements used in an SQL Command) in the WP Travel plugin by WP Travel. Affects all versions up to and including 10.1.0 (no lower bound is given).
CVE-2025-22690 (CVSS 7.1)
Cross-Site Request Forgery (CSRF) in the DigiTimber cPanel Integration plugin by DigiTimber, which can be leveraged for Stored XSS. Affects all versions up to and including 1.4.6 (no lower bound is given).
CVE-2025-22688 (CVSS 7.1)
Cross-Site Request Forgery (CSRF) in the Unlimited Page Sidebars plugin by Ederson Peka, which can be leveraged for Stored XSS. Affects all versions up to and including 0.2.6 (no lower bound is given).
Impact
- Data Manipulation
- Gain Access
Indicators of Compromise
CVE
CVE-2025-22693
CVE-2025-22691
CVE-2025-22690
CVE-2025-22688
Affected Vendors
- WordPress
Affected Products
- Contest Gallery (by Contest Gallery) - all versions through 25.1.0
- WP Travel (by WP Travel) - all versions through 10.1.0
- DigiTimber cPanel Integration (by DigiTimber) - all versions through 1.4.6
- Unlimited Page Sidebars (by Ederson Peka) - all versions through 0.2.6
Remediation
Update each affected WordPress plugin to the latest available version: any installation of Contest Gallery at or below 25.1.0, WP Travel at or below 10.1.0, DigiTimber cPanel Integration at or below 1.4.6, or Unlimited Page Sidebars at or below 0.2.6 should be treated as vulnerable until updated.
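As a practical check for the remediation step, the added script below (not part of this advisory) flags installed plugins whose version is still at or below the highest affected version listed above; it reads the CSV that `wp plugin list --format=csv --fields=name,version` produces. The plugin slugs are assumptions, since the advisory gives product names only, and the sample input is constructed.

```shell
#!/bin/sh
# Added example, not from the advisory: flag installed WordPress plugins still
# at a version the advisory lists as affected ("through" = highest affected).
# Plugin slugs are ASSUMPTIONS (the advisory names products, not slugs);
# verify them with `wp plugin list` on the site being checked.
# slug|highest affected version, from the advisory's "from n/a through X" text
AFFECTED='contest-gallery|25.1.0
wp-travel|10.1.0
digitimber-cpanel-integration|1.4.6
unlimited-page-sidebars|0.2.6'

# version_le A B: succeed (0) when dotted version A <= B, comparing each
# component numerically, so 0.2.6 <= 0.2.10 holds (string compare gets it wrong).
version_le() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            xi = (i <= na) ? x[i] + 0 : 0
            yi = (i <= nb) ? y[i] + 0 : 0
            if (xi < yi) exit 0
            if (xi > yi) exit 1
        }
        exit 0
    }'
}

# check_plugins: read "name,version" CSV on stdin; print one line per plugin
# still within an affected range; return 1 if any was found, else 0.
check_plugins() {
    found=0
    while IFS=, read -r name version; do
        [ "$name" = "name" ] && continue          # skip the CSV header row
        max=$(printf '%s\n' "$AFFECTED" | awk -F'|' -v n="$name" '$1 == n { print $2 }')
        [ -z "$max" ] && continue                 # plugin not in this advisory
        if version_le "$version" "$max"; then
            printf 'VULNERABLE: %s %s (affected through %s)\n' "$name" "$version" "$max"
            found=1
        fi
    done
    return $found
}

# Constructed sample input (not real site output): one updated, two still affected.
SAMPLE='name,version
contest-gallery,25.1.0
wp-travel,10.2.0
digitimber-cpanel-integration,1.4.6'
if printf '%s\n' "$SAMPLE" | check_plugins; then
    echo "No plugin from this advisory is at an affected version"
fi
```

Pipe real data in with `wp plugin list --format=csv --fields=name,version | sh -c '. ./check.sh; check_plugins'` or simply replace the constructed sample with that command's output.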