Severity
Medium
Analysis Summary
CVE-2025-23968 CVSS:9.1
Unrestricted Upload of File with Dangerous Type vulnerability in WPCenter AiBud WP allows uploading a web shell to a web server. This issue affects AiBud WP versions through 1.8.5.
CVE-2025-3702 CVSS:5.4
Missing Authorization vulnerability in Melapress Melapress File Monitor allows exploiting incorrectly configured access control security levels. This issue affects Melapress File Monitor versions before 2.2.0.
CVE-2025-49032 CVSS:6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PublishPress Gutenberg Blocks allows stored XSS. This issue affects Gutenberg Blocks versions through 3.3.1.
Impact
- Code Execution
- Gain Access
- Cross-Site Scripting
Indicators of Compromise
CVE
- CVE-2025-23968
- CVE-2025-3702
- CVE-2025-49032
Affected Vendors
- WordPress
Affected Products
- Melapress Melapress File Monitor
- WPCenter AiBud WP 1.8.5
- PublishPress Gutenberg Blocks 3.3.1
Remediation
Refer to the WordPress website for patch, upgrade, or suggested workaround information.