CVE-2025-3949 – SeedProd Theme Builder Landing Page Builder Unauthorized Data Access Vulnerability

May 9, 2025

CVE ID : CVE-2025-3949

Published : May 9, 2025, 9:15 a.m. | 2 hours, 52 minutes ago

Description : The Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘seedprod_lite_get_revisisons’ function in all versions up to, and including, 6.18.15. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the content of arbitrary landing page revisions.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46392 – Apache Commons Configuration Uncontrolled Resource Consumption Vulnerability

Next Article CVE-2025-4403 – WooCommerce Drag and Drop Multiple File Upload Arbitrary File Upload Vulnerability

The Power Of The Intl API: A Definitive Guide To Browser-Native Internationalization

This week in AI dev tools: GPT-5, Claude Opus 4.1, and more (August 8, 2025)

Elastic simplifies log analytics for SREs and developers with launch of Log Essentials

OpenAI launches GPT-5

I compared the best headphones from Apple, Sony, Bose, and Sonos: Here’s how the AirPods Max wins

I changed these 6 settings on my iPad to significantly improve its battery life

DistroWatch Weekly, Issue 1134

3 portable power stations I travel everywhere with (and how they differ)

Next.js PWA offline capability with Service Worker, no extra package

Next.js PWA offline capability with Service Worker, no extra package

spatie/laravel-flare

Establishing Consistent Data Foundations with Laravel’s Database Population System

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Windows 11 Copilot gets free access to GPT-5 Thinking, reduced rate limits than ChatGPT Free

Best Architecture AI Rendering Platform: 6 Tools Tested

Microsoft won’t kill off Chromium Edge and PWAs on Windows 10 until October 2028

CVE-2025-3949 – SeedProd Theme Builder Landing Page Builder Unauthorized Data Access Vulnerability

Researchers Reveal ReVault Attack Targeting Dell ControlVault3 Firmware in 100+ Laptop Models

Researchers Detail Windows EPM Poisoning Exploit Chain Leading to Domain Privilege Escalation

CVE-2025-49297 – Mikado-Themes Grill and Chow PHP Local File Inclusion Vulnerability

GPD MicroPC 2: Souped-Up Successor to Original Pocket PC

New Flodrix Botnet Variant Exploits Langflow AI Server RCE Bug to Launch DDoS Attacks

CVE-2025-49071 – NASAtheme Flozen File Upload Vulnerability

Boom Ratatatata: The Future of Music is Here, Sung by Human AI and AGI Robots!

CVE-2025-49132 – Pterodactyl Unauthenticated Remote Code Execution Vulnerability

CVE-2025-6473 – School Fees Payment System Cross-Site Scripting Vulnerability

You can use T-Mobile’s Starlink service to send images, audio, and video now – here’s how

CVE-2025-3949 – SeedProd Theme Builder Landing Page Builder Unauthorized Data Access Vulnerability

Related Posts