August 15, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Critical Firefox libvpx Flaw Allows Zero-Click Code Execution
May 28, 2025Fake Google Meet Site Delivers Stealthy PowerShell Malware
May 28, 2025Critical Firefox libvpx Flaw Allows Zero-Click Code Execution
May 28, 2025Fake Google Meet Site Delivers Stealthy PowerShell Malware
May 28, 2025
Severity
High
Analysis Summary
CVE-2025-31060 CVSS:8.1
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Capie allows PHP Local File Inclusion. This issue affects Capie: from n/a through 1.0.40.
CVE-2025-31064 CVSS:8.1
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Vizeon - Business Consulting allows PHP Local File Inclusion. This issue affects Vizeon - Business Consulting: from n/a through 1.1.7.
CVE-2025-31069 CVSS:9.8
Deserialization of Untrusted Data vulnerability in themeton HotStar – Multi-Purpose Business Theme allows Object Injection. This issue affects HotStar – Multi-Purpose Business Theme: from n/a through 1.4.
Impact
- Gain Access
Indicators of Compromise
CVE
CVE-2025-31060
CVE-2025-31064
CVE-2025-31069
Affected Vendors
- WordPress
Affected Products
- ApusTheme Capie - n/a
- gavias Vizeon - Business Consulting - n/a
- themeton HotStar – Multi-Purpose Business Theme - n/a
Remediation
Update the WordPress plugin to the latest available version.