CVE-2025-3917 – “Baidu Station SEO Plugin Arbitrary File Upload Vulnerability”

May 15, 2025

CVE ID : CVE-2025-3917

Published : May 15, 2025, 4:16 a.m. | 36 minutes ago

Description : The 百度站长SEO合集(支持百度/神马/Bing/头条推送) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the download_remote_image_to_media_library function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleFOSS Weekly #25.20: KDE Widgets, Deepin Security Issues, New GNOME Player and More Linux Stuff

Next Article CVE-2025-4579 – WordPress Content Security Plugin Stored Cross-Site Scripting

Highlights

CVE-2025-4916 – PHPGurukul Auto Taxi Stand Management System SQL Injection Vulnerability

May 19, 2025

CVE ID : CVE-2025-4916

Published : May 19, 2025, 7:15 a.m. | 4 hours, 1 minute ago

Description : A vulnerability was found in PHPGurukul Auto Taxi Stand Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/admin-profile.php. The manipulation of the argument mobilenumber leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Sentry launches MCP monitoring tool

10 Benefits of Hiring a React.js Development Company (2025–2026 Edition)

From Line To Layout: How Past Experiences Shape Your Design Career

Hire React.js Developers in the US: How to Choose the Right Team for Your Needs

I’ve tested every Samsung Galaxy phone in 2025 – here’s the model I’d recommend on sale

Google Photos just put all its best editing tools a tap away – here’s the shortcut

Claude can teach you how to code now, and more – how to try it

One of the best work laptops I’ve tested has MacBook written all over it (but it’s even better)

Controlling Execution Flow with Laravel’s Sleep Helper

Controlling Execution Flow with Laravel’s Sleep Helper

Generate Secure Temporary Share Links for Files in Laravel

This Week in Laravel: Filament 4, Laravel Boost, and Junie Review

KDE Plasma 6 on Wayland: the Payoff for Years of Plumbing

KDE Plasma 6 on Wayland: the Payoff for Years of Plumbing

FOSS Weekly #25.33: Debian 13 Released, Torvalds vs RISC-V, Arch’s New Tool, GNOME Perfection and More Linux Stuff

Ultimate ChatGPT-5 Prompt Guide: 52 Ideas for Any Task

CVE-2025-3917 – “Baidu Station SEO Plugin Arbitrary File Upload Vulnerability”

CISA Adds Two N-able N-central Flaws to Known Exploited Vulnerabilities Catalog

From Banking Darling to $1B Fraud Magnet: Inside the Zelle Lawsuit 2025

CVE-2025-3843 – Panhainan DS-Java CSRF Vulnerability

Distribution Release: Fedora 42

CVE-2025-6126 – PHPGurukul Rail Pass Management System Cross Site Scripting Vulnerability

CVE-2025-6224 – Juju Certificate Private Key Exposure

CVE-2025-4916 – PHPGurukul Auto Taxi Stand Management System SQL Injection Vulnerability

Data Loading with Python and AI

Improve or leave: Microsoft makes it easier to fire underperformers

Why Value-Based Care Needs Digital Transformation to Succeed

CVE-2025-3917 – “Baidu Station SEO Plugin Arbitrary File Upload Vulnerability”

Related Posts