Multiple WordPress Plugins Vulnerabilities

Severity

High

Analysis Summary

CVE-2025-31387 CVSS:7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in InstaWP InstaWP Connect allows PHP Local File Inclusion. This issue affects InstaWP Connect: from n/a through 0.1.0.82.

CVE-2025-31016 CVSS:7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound JetWooBuilder allows PHP Local File Inclusion. This issue affects JetWooBuilder: from n/a through 2.1.18.

Impact

Gain Access

Indicators of Compromise

CVE

CVE-2025-31387
CVE-2025-31016

Affected Vendors

WordPress

Affected Products

InstaWP InstaWP Connect - n/a
NotFound JetWooBuilder - n/a

Remediation

Update the WordPress plugin to the latest available version.

CVE-2025-31387

CVE-2025-31016

Amadey Botnet – Active IOCs

Multiple Apple Products Vulnerabilities

Multiple WordPress Plugins Vulnerabilities

Severity

High

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan