Rewterz

Multiple WordPress Plugins Vulnerabilities

Severity

High

Analysis Summary

CVE-2025-32206 CVSS:9.1

An unrestricted upload of file with dangerous type vulnerability in LABCAT Processing Projects allows an attacker to upload a web shell to a web server. This issue affects Processing Projects from n/a through 1.0.2. The Processing Projects plugin for WordPress could allow a remote attacker to upload arbitrary files because file extensions are improperly validated.

CVE-2025-3102 CVSS:8.1

The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to administrative account creation due to a missing empty value check on the 'secret_key' value in the 'autheticate_user' function in all versions up to, and including, 1.0.78. This makes it possible for unauthenticated attackers to create administrator accounts on the target website when the plugin is installed and activated but not configured with an API key.
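The class of flaw described for CVE-2025-3102, a secret comparison with no empty-value check, is shown below next to a fail-closed form. This is an added illustration, not the plugin's code: the function names, the `x-example-secret` header and the sample keys are hypothetical and constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical names throughout; this is not code from the SureTriggers plugin.

// Weak form: compares the presented key with the stored key but never
// checks that a key was configured in the first place.
function is_authorized_weak(string $stored_key, array $headers): bool
{
    $presented = $headers['x-example-secret'] ?? '';
    // On an unconfigured site the stored key is '', so '' === '' passes.
    return $presented === $stored_key;
}

// Hardened form: fail closed on a missing or empty value on either side,
// then compare in constant time.
function is_authorized_hardened(string $stored_key, array $headers): bool
{
    $presented = $headers['x-example-secret'] ?? null;
    if ($stored_key === '' || !is_string($presented) || $presented === '') {
        return false;
    }
    return hash_equals($stored_key, $presented);
}

// Constructed test cases: [stored key, request headers].
$cases = [
    'unconfigured, no header'    => ['', []],
    'unconfigured, empty header' => ['', ['x-example-secret' => '']],
    'configured, correct key'    => ['k3y-constructed', ['x-example-secret' => 'k3y-constructed']],
    'configured, wrong key'      => ['k3y-constructed', ['x-example-secret' => 'nope']],
    'configured, no header'      => ['k3y-constructed', []],
];

foreach ($cases as $label => [$stored, $headers]) {
    printf(
        "%-28s weak=%-5s hardened=%s\n",
        $label,
        var_export(is_authorized_weak($stored, $headers), true),
        var_export(is_authorized_hardened($stored, $headers), true)
    );
}
```

Only the two "unconfigured" rows differ between the columns: the weak check authorizes them, the hardened check rejects them.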

CVE-2025-32117 CVSS:7.1

An improper neutralization of input during web page generation (cross-site scripting) vulnerability in OTWthemes Widgetize Pages Light allows reflected XSS. This issue affects Widgetize Pages Light from n/a through 3.0.

Impact

  • Gain Access
  • Cross-Site Scripting

Indicators of Compromise

CVE

  • CVE-2025-32206
  • CVE-2025-3102
  • CVE-2025-32117

Affected Vendors

  • WordPress

Affected Products

  • Processing Projects Plugin for WordPress 1.0.2
  • brainstormforce OttoKit: All-in-One Automation Platform (Formerly SureTriggers)
  • OTWthemes Widgetize Pages Light - n/a

Remediation

Update each affected WordPress plugin to the latest available version.
