Rewterz

Multiple WordPress Plugins Vulnerabilities

Severity

Medium

Analysis Summary

CVE-2025-3952 CVSS:8.1

Projectopia Plugin for WordPress is vulnerable to a denial of service, caused by a missing capability check on the 'pto_remove_logo' function. By sending a specially crafted request, a remote attacker could exploit this vulnerability to delete arbitrary option values, leading to a denial of service.

CVE-2025-39413 CVSS:4.3

Simple Sitemap Plugin for WordPress could allow a remote authenticated attacker to bypass security restrictions, caused by a missing authorization vulnerability.
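
Both entries above are missing-authorization bugs in plugin request handlers. As an added illustration (not Projectopia's or Simple Sitemap's code), this is the set of checks a WordPress handler that deletes options needs; the `example_*` names, the `nonce` and `option` request fields, and the assumption that the function is exposed as a logged-in AJAX action are all hypothetical:

```php
<?php
/**
 * Added illustration with hypothetical names; not taken from either plugin.
 * A handler that removes a stored setting, with the checks whose absence
 * produces the class of bug described in this advisory.
 */

// Allow-list: the only options this handler may ever delete (hypothetical names).
const EXAMPLE_DELETABLE_OPTIONS = array( 'example_company_logo', 'example_invoice_logo' );

// wp_ajax_{action} runs for ANY logged-in user, including the lowest role.
// Registering the hook is therefore not an authorization decision.
add_action( 'wp_ajax_example_remove_logo', 'example_remove_logo' );

function example_remove_logo() {
    // 1. Request origin: require the nonce issued with the settings page.
    //    check_ajax_referer() terminates the request if it is missing or invalid.
    check_ajax_referer( 'example_remove_logo', 'nonce' );

    // 2. Capability check: the step whose omission lets low-privileged users
    //    change site settings. Pick the capability that matches the data touched.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    // 3. Never pass a request value straight to delete_option(). Normalise it,
    //    then compare against the allow-list so core or third-party options
    //    are out of reach even for an authorized caller.
    $option = isset( $_POST['option'] ) ? sanitize_key( wp_unslash( $_POST['option'] ) ) : '';
    if ( ! in_array( $option, EXAMPLE_DELETABLE_OPTIONS, true ) ) {
        wp_send_json_error( array( 'message' => 'Unknown option' ), 400 );
    }

    delete_option( $option );
    wp_send_json_success();
}
```

When reviewing other plugins for the same weakness, look for `wp_ajax_*` or `admin_post_*` callbacks that reach `update_option()` or `delete_option()` without a `current_user_can()` call on the path.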

Impact

  • Denial of Service
  • Security Bypass

Indicators of Compromise

CVE

  • CVE-2025-3952

  • CVE-2025-39413

Affected Vendors

  • WordPress

Affected Products

  • Projectopia Plugin for WordPress 5.1.16
  • Simple Sitemap Plugin for WordPress 3.5.14

Remediation

Update to the latest version available from the WordPress Plugin Directory.

CVE-2025-3952

CVE-2025-39413
