Multiple WordPress Plugins Vulnerabilities

Severity

High

Analysis Summary

CVE-2025-31060 CVSS:8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Capie allows PHP Local File Inclusion. This issue affects Capie: from n/a through 1.0.40.

CVE-2025-31064 CVSS:8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Vizeon - Business Consulting allows PHP Local File Inclusion. This issue affects Vizeon - Business Consulting: from n/a through 1.1.7.

CVE-2025-31069 CVSS:9.8

Deserialization of Untrusted Data vulnerability in themeton HotStar – Multi-Purpose Business Theme allows Object Injection. This issue affects HotStar – Multi-Purpose Business Theme: from n/a through 1.4.

Impact

Gain Access

Indicators of Compromise

CVE

CVE-2025-31060
CVE-2025-31064
CVE-2025-31069

Affected Vendors

WordPress

Affected Products

ApusTheme Capie - n/a
gavias Vizeon - Business Consulting - n/a
themeton HotStar – Multi-Purpose Business Theme - n/a

Remediation

Update the WordPress plugin to the latest available version.

CVE-2025-31060

CVE-2025-31064

CVE-2025-31069

Critical Firefox libvpx Flaw Allows Zero-Click Code Execution

Fake Google Meet Site Delivers Stealthy PowerShell Malware

Multiple WordPress Plugins Vulnerabilities

Severity

High

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan