CVE-2025-3949 – SeedProd Theme Builder Landing Page Builder Unauthorized Data Access Vulnerability

May 9, 2025

CVE ID : CVE-2025-3949

Published : May 9, 2025, 9:15 a.m. | 2 hours, 52 minutes ago

Description : The Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘seedprod_lite_get_revisisons’ function in all versions up to, and including, 6.18.15. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the content of arbitrary landing page revisions.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46392 – Apache Commons Configuration Uncontrolled Resource Consumption Vulnerability

Next Article CVE-2025-4403 – WooCommerce Drag and Drop Multiple File Upload Arbitrary File Upload Vulnerability

Highlights

CVE-2025-5646 – “Radare2 Rainbow Free Memory Corruption Vulnerability”

June 5, 2025

CVE ID : CVE-2025-5646

Published : June 5, 2025, 8:15 a.m. | 3 hours, 25 minutes ago

Description : A vulnerability has been found in Radare2 5.9.9 and classified as problematic. This vulnerability affects the function r_cons_rainbow_free in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is identified as 5705d99cc1f23f36f9a84aab26d1724010b97798. It is recommended to apply a patch to fix this issue. The documentation explains that the parameter -T is experimental and “crashy”. Further analysis has shown “the race is not a real problem unless you use asan”. A new warning has been added.

Severity: 2.5 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Coded Smorgasbord: High Strung

Chainguard launches trusted collection of verified JavaScript libraries

CData launches Connect AI to provide agents access to enterprise data sources

PostgreSQL 18 adds asynchronous I/O to improve performance

Distribution Release: Neptune 9.0

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

Development Release: MX Linux 25 Beta 1

PHP 8.5.0 RC 1 available for testing

PHP 8.5.0 RC 1 available for testing

Terraform Code Generator Using Ollama and CodeGemma

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

Distribution Release: Neptune 9.0

Distribution Release: Neptune 9.0

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

Distribution Release: Kali Linux 2025.3

CVE-2025-3949 – SeedProd Theme Builder Landing Page Builder Unauthorized Data Access Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

CVE-2025-3091 – Apache HTTP Server Authentication Bypass

Use Passkeys in Your Laravel App

New RISC-V AI PC Delivers 50 TOPS, Runs Ubuntu 24.04

Google says easy email encryption is on the way – for some users

CVE-2025-5646 – “Radare2 Rainbow Free Memory Corruption Vulnerability”

CVE-2025-48948 – Navidrome Unauthorized Transcoding Configuration

The 75-inch Toshiba C350 is a great budget TV, and it just dropped below $500

CVE-2025-28354 – Entrust Corp Printer Manager Directory Traversal

CVE-2025-3949 – SeedProd Theme Builder Landing Page Builder Unauthorized Data Access Vulnerability

Related Posts