CVE-2025-4105 – Splitit WordPress Authorized Data Modification Vulnerability

May 21, 2025

CVE ID : CVE-2025-4105

Published : May 21, 2025, 12:16 p.m. | 2 hours, 34 minutes ago

Description : The Splitit plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on several functions in the ‘splitIt-flexfields-payment-gateway.php’ file in all versions up to, and including, 4.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change plugin settings, including changing the environment from sandbox to production and vice versa.

Severity: 5.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-4217 – WordPress YouTube Video Optimizer Stored Cross-Site Scripting

Next Article CVE-2025-48414 – Apache Web Interface Unauthenticated Script Execution Vulnerability

Highlights

CVE-2025-5164 – PerfreeBlog JWT Handler Hard-Coded Cryptographic Key Vulnerability

May 26, 2025

CVE ID : CVE-2025-5164

Published : May 26, 2025, 3:15 a.m. | 1 hour, 55 minutes ago

Description : A vulnerability has been found in PerfreeBlog 4.0.11 and classified as problematic. This vulnerability affects the function JwtUtil of the component JWT Handler. The manipulation leads to use of hard-coded cryptographic key
. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 3.7 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

10 Top Node.js Development Companies for Enterprise-Scale Projects (2025-2026 Ranked & Reviewed)

12 Must-Know Cost Factors When Hiring Node.js Developers for Your Enterprise

Mirantis reveals Lens Prism, an AI copilot for operating Kubernetes clusters

Avoid these common platform engineering mistakes

A UN Human Rights Council report lists Microsoft among big tech companies that “profit” from Gaza genocide

The best Costco deals to compete with Prime Day: TVs, laptops, Apple products, and more

This 9-in-1 off-grid portable power station has a 17-year lifespan – and it’s over 50% off

DistroWatch Weekly, Issue 1129

Token System using PHP and MySQL

Token System using PHP and MySQL

Create React UI component with uncontrollable

Flaget – new small 5kB CLI argument parser

A UN Human Rights Council report lists Microsoft among big tech companies that “profit” from Gaza genocide

A UN Human Rights Council report lists Microsoft among big tech companies that “profit” from Gaza genocide

Microsoft Forms Was Down for Some Users; But Now Fixed

DistroWatch Weekly, Issue 1129

CVE-2025-4105 – Splitit WordPress Authorized Data Modification Vulnerability

Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC

CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet

I always recommend buying headphones on sale, and these are the ones to snag during Memorial Day sales

CVE-2025-6879 – “SourceCodester Best Salon Management System SQL Injection”

The best business desktops of 2025: Expert tested and reviewed

Elden Ring Nightreign: How to unlock the Duchess

CVE-2025-5164 – PerfreeBlog JWT Handler Hard-Coded Cryptographic Key Vulnerability

Apple Overhauls EU App Store Policy: New Fees & Open External Purchases After €500M Fine

CVE-2025-49480 – Huawei LTE Telephony Out-of-Bounds Access Vulnerability

CVE-2024-52928 – Arc Browser Privilege Escalation Vulnerability

CVE-2025-4105 – Splitit WordPress Authorized Data Modification Vulnerability

Related Posts