Multiple GitLab Products Vulnerabilities

April 28, 2025

Multiple Oracle Products Vulnerabilities

April 28, 2025

Multiple WordPress Plugins Vulnerabilities

April 28, 2025

Severity

High

Analysis Summary

CVE-2025-46507 CVSS:7.1

Cross-Site Request Forgery (CSRF) vulnerability in ldrumm Unsafe Mimetypes allows Stored XSS. This issue affects Unsafe Mimetypes: from n/a through 0.1.4.

CVE-2025-46442 CVSS:7.1

Cross-Site Request Forgery (CSRF) vulnerability in Casey Johnson Loan Calculator allows Stored XSS. This issue affects Loan Calculator: from n/a through 1.3.

CVE-2025-46528 CVSS:7.1

Cross-Site Request Forgery (CSRF) vulnerability in Steve Availability Calendar allows Stored XSS. This issue affects Availability Calendar: from n/a through 0.2.4.

Impact

Gain Access
Cross-site Scripting

Indicators of Compromise

CVE

CVE-2025-46507
CVE-2025-46442
CVE-2025-46528

Affected Vendors

WordPress

Affected Products

ldrumm Unsafe Mimetypes - n/a
Casey Johnson Loan Calculator - n/a
Steve Availability Calendar - n/a

Remediation

Upgrade to the latest version for WordPress, available from the WordPress Plugin Directory.

CVE-2025-46507

CVE-2025-46442

CVE-2025-46528

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Hackers Exploit Cisco ASA and FTD Zero-Day RCE flaw

Cl0p Exploits New Zero-Day Flaws – Active IOCs

WordPress Post SMTP Flaw Puts 400,000 Sites at Risk of Account Takeovers

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Multiple GitLab Products Vulnerabilities

Multiple Oracle Products Vulnerabilities

Severity

High

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation