CVE-2025-3520 – “WordPress Avatar Plugin File Deletion Vulnerability”

April 21, 2025

CVE ID : CVE-2025-3520

Published : April 18, 2025, 2:15 a.m. | 3 days, 20 hours ago

Description : The Avatar plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 0.1.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-42599 – Active! Mail Stack-Based Buffer Overflow Vulnerability

Next Article Today’s LLMs craft exploits from patches at lightning speed

Highlights

CVE-2025-5140 – Seeyon Zhiyuan OA Web Application System Server-Side Request Forgery Vulnerability

May 25, 2025

CVE ID : CVE-2025-5140

Published : May 25, 2025, 2:15 a.m. | 2 hours, 48 minutes ago

Description : A vulnerability classified as critical has been found in Seeyon Zhiyuan OA Web Application System up to 8.1 SP2. This affects the function this.oursNetService.getData of the file comourswwwehropenPlatform1open4ClientTypecontrollerThirdMenuController.class. The manipulation of the argument url leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

AI and its impact on the developer experience, or ‘where is the joy?’

Google launches OSS Rebuild tool to improve trust in open source packages

AI-enabled software development: Risk of skill erosion or catalyst for growth?

BrowserStack launches Figma plugin for detecting accessibility issues in design phase

Power bank slapped with a recall? Stop using it now – here’s why

I recommend these budget earbuds over pricier Bose and Sony models – here’s why

Microsoft’s big AI update for Windows 11 is here – what’s new

Slow internet speed on Linux? This 30-second fix makes all the difference

Singleton and Scoped Container Attributes in Laravel 12.21

Singleton and Scoped Container Attributes in Laravel 12.21

wulfheart/laravel-actions-ide-helper

lanos/laravel-cashier-stripe-connect

‘Wuchang: Fallen Feathers’ came close to fully breaking me multiple times — a soulslike as brutal and as beautiful as it gets

‘Wuchang: Fallen Feathers’ came close to fully breaking me multiple times — a soulslike as brutal and as beautiful as it gets

Sam Altman is “terrified” of voice ID fraudsters embracing AI — and threats of US bioweapon attacks keep him up at night

NVIDIA boasts a staggering $111 million in market value per employee — since it became the world’s first $4 trillion company

CVE-2025-3520 – “WordPress Avatar Plugin File Deletion Vulnerability”

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

Why is your data worth so much? | Unlocked 403 cybersecurity podcast (S2E4)

CodeSOD: Would a Function by Any Other Name Still be WTF?

CVE-2025-31711 – Apache CPLog Null Pointer Dereference Denial of Service

Alert: Exposed JDWP Interfaces Lead to Crypto Mining, Hpingbot Targets SSH for DDoS

CVE-2025-5609 – Tenda AC18 Buffer Overflow Vulnerability

CVE-2025-5140 – Seeyon Zhiyuan OA Web Application System Server-Side Request Forgery Vulnerability

Your Roku TV is getting several free updates – including a big one for Roku City

Gold Melody IAB Exploits Exposed ASP.NET Machine Keys for Unauthorized Access to Targets

CVE-2025-3854 – H3C GR-3000AX HTTP POST Request Handler Buffer Overflow Vulnerability

CVE-2025-3520 – “WordPress Avatar Plugin File Deletion Vulnerability”

Related Posts