Multiple WordPress Plugins Vulnerabilities

Severity

High

Analysis Summary

CVE-2025-49873 CVSS:7.1

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NasaTheme Elessi allows Reflected XSS. This issue affects Elessi: from n/a through 6.3.9.

CVE-2025-52772 CVSS:7.1

Cross-Site Request Forgery (CSRF) vulnerability in Adnan Haque (a11n) Virtual Moderator allows Cross-Site Scripting (XSS). This issue affects Virtual Moderator: from n/a through 1.4.

Impact

Cross-Site Scripting

Indicators of Compromise

CVE

CVE-2025-49873
CVE-2025-52772

Affected Vendors

WordPress

Affected Products

NasaTheme Elessi from n/a through 6.3.9.
Virtual Moderator: from n/a through 1.4.

Remediation

Update the WordPress plugin to the latest available version.

CVE-2025-49873

CVE-2025-52772

Multiple D-Link DIR-825 Vulnerabilities

EchoLeak: Zero-Click AI Exploit Exposes Microsoft 365 Copilot Data

Multiple WordPress Plugins Vulnerabilities

Severity

High

Analysis Summary

Indicators of Compromise

CVE

Affected Vendors

Affected Products

Remediation

Security Operations Centers across the region

Saudi Arabia

UAE

Oman

Pakistan