CVE-2025-3812 – WordPress WPBot Pro File Deletion Vulnerability

May 17, 2025

CVE ID : CVE-2025-3812

Published : May 17, 2025, 6:15 a.m. | 2 hours, 29 minutes ago

Description : The WPBot Pro WordPress Chatbot plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the qcld_openai_delete_training_file() function in all versions up to, and including, 13.6.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4389 – “WordPress Crawlomatic Multipage Scraper Plugin Arbitrary File Upload Vulnerability”

Next Article CVE-2025-4190 – WordPress CSV Mass Importer File Upload Privilege Escalation Vulnerability

Highlights

CVE-2025-37778 – Kerberos SMBD Dangling Pointer

May 1, 2025

CVE ID : CVE-2025-37778

Published : May 1, 2025, 2:15 p.m. | 1 hour, 10 minutes ago

Description : In the Linux kernel, the following vulnerability has been resolved:

ksmbd: Fix dangling pointer in krb_authenticate

krb_authenticate frees sess->user and does not set the pointer
to NULL. It calls ksmbd_krb5_authenticate to reinitialise
sess->user but that function may return without doing so. If
that happens then smb2_sess_setup, which calls krb_authenticate,
will be accessing free’d memory when it later uses sess->user.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Hallucinated code, real threat: How slopsquatting targets AI-assisted development

CompTIA State of the Tech Workforce 2025 released, Meta joins Kotlin Foundation, Percona launches Transparent Data Encryption for PostgreSQL – Daily News Digest

Turning User Research Into Real Organizational Change

June 2025: All AI updates from the past month

Intel’s former CEO speaks out — “I wanted to finish what I started”

NVIDIA RTX 5000 GPUs are on sale at Newegg, and discounted gift cards can be used towards your purchase — It’s free money

False alarm! Microsoft rectifies language that implied Windows may have lost millions of users since Windows 11 debut

ROG Ally drops to its lowest price ever, making it less than Switch 2 — Here’s why it could be your dream gaming handheld

1KB JavaScript Demoscene Challenge Just Launched

1KB JavaScript Demoscene Challenge Just Launched

Salesforce Marketing Cloud for Medical Devices

June report 2025

Intel’s former CEO speaks out — “I wanted to finish what I started”

Intel’s former CEO speaks out — “I wanted to finish what I started”

NVIDIA RTX 5000 GPUs are on sale at Newegg, and discounted gift cards can be used towards your purchase — It’s free money

False alarm! Microsoft rectifies language that implied Windows may have lost millions of users since Windows 11 debut

CVE-2025-3812 – WordPress WPBot Pro File Deletion Vulnerability

Pilz IndustrialPI 4 Alert: Critical Flaws (CVE-2025-41656 CVSS 10.0 RCE, CVE-2025-41648 Auth Bypass) Expose Industrial PCs

Security Flaws in Frappe Framework Expose Self-Hosted ERPNext Users to Takeovers, XSS, and SQL Injection

Google reveals trio of security vulnerabilities in OS X

New U.S. Visa Rule Requires Applicants to Set Social Media Account Privacy to Public

CVE-2025-6452 – CodeAstro Patient Record Management System Cross-Site Scripting Vulnerability

CVE-2025-4224 – WordPress wpForo Advanced Attachments Stored Cross-Site Scripting Vulnerability

CVE-2025-37778 – Kerberos SMBD Dangling Pointer

StarRocks is a high-performance analytical database

You shouldn’t trust AI for therapy – here’s why

DDoS Attack Hits Adyen, Causing Transaction Failures in EU

CVE-2025-3812 – WordPress WPBot Pro File Deletion Vulnerability

Related Posts