Amadey Botnet – Active IOCs

March 31, 2025

Multiple Apple Products Vulnerabilities

March 31, 2025

Multiple WordPress Plugins Vulnerabilities

March 31, 2025

Severity

High

Analysis Summary

CVE-2025-31387 CVSS:7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in InstaWP InstaWP Connect allows PHP Local File Inclusion. This issue affects InstaWP Connect: from n/a through 0.1.0.82.

CVE-2025-31016 CVSS:7.5

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in NotFound JetWooBuilder allows PHP Local File Inclusion. This issue affects JetWooBuilder: from n/a through 2.1.18.

Impact

Gain Access

Indicators of Compromise

CVE

CVE-2025-31387
CVE-2025-31016

Affected Vendors

WordPress

Affected Products

InstaWP InstaWP Connect - n/a
NotFound JetWooBuilder - n/a

Remediation

Update the WordPress plugin to the latest available version.

CVE-2025-31387

CVE-2025-31016

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

CoinMiner Malware – Active IOCs

Google Warns of Active Exploits Targeting Chrome V8 Vulnerability

CVE-2025-6554 – Google Chrome Vulnerability

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Amadey Botnet – Active IOCs

Multiple Apple Products Vulnerabilities

Severity

High

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation