Azure and Power Apps Flaws Allow Privilege Escalation Attacks
July 4, 2025
Severity
Medium
Analysis Summary
CVE-2025-23968 CVSS:9.1
An Unrestricted Upload of File with Dangerous Type vulnerability in WPCenter AiBud WP allows an attacker to upload a web shell to a web server. This issue affects AiBud WP versions up to and including 1.8.5.
CVE-2025-3702 CVSS:5.4
A Missing Authorization vulnerability in Melapress File Monitor by Melapress allows exploitation of incorrectly configured access control security levels. This issue affects Melapress File Monitor versions before 2.2.0.
CVE-2025-49032 CVSS:6.5
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PublishPress Gutenberg Blocks allows stored XSS. This issue affects Gutenberg Blocks versions up to and including 3.3.1.
Impact
- Code Execution
- Gain Access
- Cross-Site Scripting
Indicators of Compromise
CVE
CVE-2025-23968
CVE-2025-3702
CVE-2025-49032
Affected Vendors
- WordPress
Affected Products
- Melapress Melapress File Monitor
- WPCenter AiBud WP 1.8.5
- PublishPress Gutenberg Blocks 3.3.1
Remediation
Refer to the WordPress website for patch, upgrade, or suggested workaround information.