March 4, 2025
Severity
High
Analysis Summary
CVE-2025-23751 CVSS:7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 Data Dash allows Reflected XSS. This issue affects Data Dash: from n/a through 1.2.3.
CVE-2025-23750 CVSS:7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in devbunchuk Custom Widget Creator allows Reflected XSS. This issue affects Custom Widget Creator: from n/a through 1.0.5.
CVE-2025-23748 CVSS:7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Singsys -Awesome Gallery allows Reflected XSS. This issue affects Singsys -Awesome Gallery: from n/a through 1.0.
CVE-2025-23742 CVSS:7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Podamibe Nepal Podamibe Twilio Private Call allows Reflected XSS. This issue affects Podamibe Twilio Private Call: from n/a through 1.0.1.
CVE-2025-23658 CVSS:7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tauhidul Alam Advanced Angular Contact Form allows Reflected XSS. This issue affects Advanced Angular Contact Form: from n/a through 1.1.0.
CVE-2025-23657 CVSS:7.1
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WordPress-to-candidate for Salesforce CRM allows Reflected XSS. This issue affects WordPress-to-candidate for Salesforce CRM: from n/a through 1.0.1.
Impact
- Cross-Site Scripting
Indicators of Compromise
CVE
CVE-2025-23751
CVE-2025-23750
CVE-2025-23748
CVE-2025-23742
CVE-2025-23658
CVE-2025-23657
Affected Vendors
- WordPress
Affected Products
- Think201 Data Dash - n/a
- devbunchuk Custom Widget Creator - n/a
- NotFound Singsys -Awesome Gallery - n/a
- Podamibe Nepal Podamibe Twilio Private Call - n/a
- Tauhidul Alam Advanced Angular Contact Form - n/a
- NotFound WordPress-to-candidate for Salesforce CRM - n/a
Remediation
Update each affected WordPress plugin to the latest available version.