Rewterz

Multiple WordPress Plugins Vulnerabilities

Severity

High

Analysis Summary

CVE-2025-31049 CVSS:9.8

Deserialization of Untrusted Data vulnerability in themeton Dash allows Object Injection. This issue affects Dash: from n/a through 1.3.

CVE-2025-31056 CVSS:9.3

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Techspawn WhatsCart - Whatsapp Abandoned Cart Recovery, Order Notifications, Chat Box, OTP for WooCommerce allows SQL Injection. This issue affects WhatsCart - Whatsapp Abandoned Cart Recovery, Order Notifications, Chat Box, OTP for WooCommerce: from n/a through 1.1.0.

CVE-2025-31053 CVSS:7.7

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in quantumcloud KBx Pro Ultimate allows Path Traversal. This issue affects KBx Pro Ultimate: from n/a through 7.9.8.

Impact

  • Data Manipulation
  • Gain Access

Indicators of Compromise

CVE

  • CVE-2025-31049
  • CVE-2025-31056
  • CVE-2025-31053

Affected Vendors

  • WordPress

Affected Products

  • themeton Dash - n/a
  • quantumcloud KBx Pro Ultimate - n/a

Remediation

Update each affected WordPress plugin to the latest available version.