Severity
Medium
Analysis Summary
CVE-2025-3952 CVSS:8.1
Projectopia Plugin for WordPress is vulnerable to a denial of service, caused by a missing capability check on the 'pto_remove_logo' function. By sending a specially crafted request, a remote attacker could exploit this vulnerability to delete arbitrary option values, leading to a denial of service.
CVE-2025-39413 CVSS:4.3
Simple Sitemap Plugin for WordPress could allow a remote authenticated attacker to bypass security restrictions, caused by a missing authorization vulnerability.
Impact
- Denial of Service
- Security Bypass
Indicators of Compromise
CVE
CVE-2025-3952
CVE-2025-39413
Affected Vendors
- WordPress
Affected Products
- Projectopia Plugin for WordPress 5.1.16
- Simple Sitemap Plugin for WordPress 3.5.14
Remediation
Update to the latest version available from the WordPress Plugin Directory.
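To find installations that still need the update, the following added example (not part of the original advisory or of either plugin) reads the standard `Plugin Name:` and `Version:` header fields from each plugin's PHP files and compares them with the versions listed above. Matching on the plugin name and treating every release up to and including the listed version as affected are assumptions of this example.

```python
import re
from pathlib import Path

# Affected versions as listed in this advisory. Treating every release up to
# and including the listed one as affected is an assumption of this example.
AFFECTED = {
    "projectopia": ("CVE-2025-3952", "5.1.16"),
    "simple sitemap": ("CVE-2025-39413", "3.5.14"),
}

# WordPress plugin header fields, e.g. " * Plugin Name: Example"
HEADER = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t]*$", re.M | re.I)


def parse_header(text):
    """Return (name, version) from a WordPress plugin header comment, or None."""
    fields = {k.lower(): v for k, v in HEADER.findall(text[:8192])}
    if "plugin name" in fields and "version" in fields:
        return fields["plugin name"], fields["version"]
    return None


def version_key(v):
    """Turn '5.1.16' into (5, 1, 16) so versions compare numerically."""
    return tuple(int(p) for p in re.findall(r"\d+", v))


def check_plugin(name, version):
    """Return the CVE id if this plugin/version is covered by the advisory."""
    for needle, (cve, last_bad) in AFFECTED.items():
        if needle in name.lower() and version_key(version) <= version_key(last_bad):
            return cve
    return None


def audit(plugins_dir):
    """Scan <plugins_dir>/*/*.php and list (name, version, cve) hits."""
    hits = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        parsed = parse_header(php.read_text(errors="ignore"))
        if parsed and (cve := check_plugin(*parsed)):
            hits.append((*parsed, cve))
    return hits


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "wp-content/plugins"
    for name, version, cve in audit(root):
        print(f"{name} {version}: affected by {cve}, update required")
```

Run it with the path to a site's `wp-content/plugins` directory; any line it prints names a plugin that should be updated.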