July 4, 2025
Proactive Defense: The Importance of Incident Response Planning in Cybersecurity
Azure and Power Apps Flaws Allow Privilege Escalation Attacks
July 4, 2025
Azure and Power Apps Flaws Allow Privilege Escalation Attacks
July 4, 2025
Severity
Medium
Analysis Summary
CVE-2025-23968 CVSS:9.1
Unrestricted Upload of File with Dangerous Type vulnerability in WPCenter AiBud WP allows Upload a Web Shell to a Web Server. This issue affects AiBud WP: from n/a through 1.8.5.
CVE-2025-3702 CVSS:5.4
Missing Authorization vulnerability in Melapress Melapress File Monitor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Melapress File Monitor: from n/a before 2.2.0.
CVE-2025-49032 CVSS:6.5
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PublishPress Gutenberg Blocks allows Stored XSS. This issue affects Gutenberg Blocks: from n/a through 3.3.1.
Impact
- Code Execution
- Gain Access
- Cross-Site Scripting
Indicators of Compromise
CVE
CVE-2025-23968
CVE-2025-3702
CVE-2025-49032
Affected Vendors
- WordPress
Affected Products
- Melapress Melapress File Monitor
- WPCenter AiBud WP 1.8.5
- PublishPress Gutenberg Blocks 3.3.1
Remediation
Refer to WordPress Website for patch, upgrade, or suggested workaround information.