CVE-2025-3949 – SeedProd Theme Builder Landing Page Builder Unauthorized Data Access Vulnerability

May 9, 2025

CVE ID : CVE-2025-3949

Published : May 9, 2025, 9:15 a.m. | 2 hours, 52 minutes ago

Description : The Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ‘seedprod_lite_get_revisisons’ function in all versions up to, and including, 6.18.15. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the content of arbitrary landing page revisions.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-46392 – Apache Commons Configuration Uncontrolled Resource Consumption Vulnerability

Next Article CVE-2025-4403 – WooCommerce Drag and Drop Multiple File Upload Arbitrary File Upload Vulnerability

Highlights

CVE-2025-5178 – Realce Tecnologia Queue Ticket Kiosk Unrestricted File Upload Vulnerability

May 26, 2025

CVE ID : CVE-2025-5178

Published : May 26, 2025, 10:15 a.m. | 1 hour, 52 minutes ago

Description : A vulnerability classified as critical has been found in Realce Tecnologia Queue Ticket Kiosk up to 20250517. Affected is an unknown function of the file /adm/ajax.php of the component Image File Handler. The manipulation of the argument files[] leads to unrestricted upload. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Coded Smorgasbord: High Strung

Chainguard launches trusted collection of verified JavaScript libraries

CData launches Connect AI to provide agents access to enterprise data sources

PostgreSQL 18 adds asynchronous I/O to improve performance

Distribution Release: Neptune 9.0

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

Development Release: MX Linux 25 Beta 1

PHP 8.5.0 RC 1 available for testing

PHP 8.5.0 RC 1 available for testing

Terraform Code Generator Using Ollama and CodeGemma

Beyond Denial: How AI Concierge Services Can Transform Healthcare from Reactive to Proactive

Distribution Release: Neptune 9.0

Distribution Release: Neptune 9.0

FOSS Weekly #25.39: Kill Switch Phones, LMDE 7, Zorin OS 18 Beta, Polybar, Apt History and More Linux Stuff

Distribution Release: Kali Linux 2025.3

CVE-2025-3949 – SeedProd Theme Builder Landing Page Builder Unauthorized Data Access Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

CVE-2025-8738 – “zlt2000 Microservices-Platform Spring Actuator Interface Information Disclosure Vulnerability”

I put my Bose QuietComfort Ultra away within hours of testing these headphones

Windows 11 Start menu’s OneDrive backup nagging won’t stop, as it pushes Microsoft 365

APPLE-SA-04-16-2025-3 tvOS 18.4.1

CVE-2025-5178 – Realce Tecnologia Queue Ticket Kiosk Unrestricted File Upload Vulnerability

Google’s NotebookLM now available for all Workspace for Education users

10 Ways Node.js Development Boosts AI & Real-Time Data (2025-2026 Edition)

CVE-2025-4711 – Campcodes Sales and Inventory System SQL Injection Vulnerability

CVE-2025-3949 – SeedProd Theme Builder Landing Page Builder Unauthorized Data Access Vulnerability

Related Posts