Multiple Microsoft Windows Vulnerabilities

June 13, 2025

Multiple Fortinet Products Vulnerabilities

June 14, 2025

Multiple WordPress Plugins Vulnerabilities

June 13, 2025

Severity

High

Analysis Summary

CVE-2025-5282 CVSS:7.5

The WP Travel Engine – Tour Booking Plugin – Tour Operator Software plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_package() function in all versions up to, and including, 6.5.1. This makes it possible for unauthenticated attackers to delete arbitrary posts.

CVE-2025-49454 CVSS:8.1

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in LoftOcean TinySalt allows PHP Local File Inclusion.This issue affects TinySalt: from n/a before 3.10.0.

Impact

Gain Access

Indicators of Compromise

CVE

CVE-2025-5282
CVE-2025-4945

Affected Vendors

WordPress

Affected Products

Tour Booking Plugin – Tour Operator Software plugin
TinySalt Theme - 3.10.0

Remediation

Update the WordPress plugin to the latest available version.

CVE-2025-5282

CVE-2025-49454

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

Hacked SonicWall VPN Tool Used to Steal Data – Active IOCs

APT Hackers Abuse Microsoft ClickOnce to Deliver Trusted Malware

Multiple Google Chrome Vulnerabilities

Threat Insights

About Us

Our Leadership

CSR

Connect with Us