CVE-2025-4419 – WordPress Hot Random Image Path Traversal Vulnerability

May 22, 2025

CVE ID : CVE-2025-4419

Published : May 22, 2025, 10:15 a.m. | 1 hour, 52 minutes ago

Description : The Hot Random Image plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.9.2 via the ‘path’ parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to access arbitrary images with allowed extensions, outside of the originally intended directory.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2024-25010 – Ericsson RAN Compute and Site Controller Code Injection Vulnerability

Next Article CVE-2025-4405 – WordPress Hot Random Image Stored Cross-Site Scripting Vulnerability

Highlights

CVE-2025-5543 – TOTOLINK X2000R Cross-Site Scripting Vulnerability in Parent Controls Page

June 3, 2025

CVE ID : CVE-2025-5543

Published : June 3, 2025, 11:15 p.m. | 3 hours, 8 minutes ago

Description : A vulnerability was found in TOTOLINK X2000R 1.0.0-B20230726.1108. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Parent Controls Page. The manipulation of the argument Device Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Severity: 2.4 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

10 Top Node.js Development Companies for Enterprise-Scale Projects (2025-2026 Ranked & Reviewed)

12 Must-Know Cost Factors When Hiring Node.js Developers for Your Enterprise

Mirantis reveals Lens Prism, an AI copilot for operating Kubernetes clusters

Avoid these common platform engineering mistakes

A UN Human Rights Council report lists Microsoft among big tech companies that “profit” from Gaza genocide

The best Costco deals to compete with Prime Day: TVs, laptops, Apple products, and more

This 9-in-1 off-grid portable power station has a 17-year lifespan – and it’s over 50% off

DistroWatch Weekly, Issue 1129

Token System using PHP and MySQL

Token System using PHP and MySQL

Create React UI component with uncontrollable

Flaget – new small 5kB CLI argument parser

A UN Human Rights Council report lists Microsoft among big tech companies that “profit” from Gaza genocide

A UN Human Rights Council report lists Microsoft among big tech companies that “profit” from Gaza genocide

Microsoft Forms Was Down for Some Users; But Now Fixed

DistroWatch Weekly, Issue 1129

CVE-2025-4419 – WordPress Hot Random Image Path Traversal Vulnerability

Citrix Releases Emergency Patches for Actively Exploited CVE-2025-6543 in NetScaler ADC

CISA Adds 3 Flaws to KEV Catalog, Impacting AMI MegaRAC, D-Link, Fortinet

Windows 11 KB5055523 24H2 adds AI features, direct download links (.msu)

Arriva Slimbook Kymera Black: il nuovo desktop GNU/Linux per giocatori e creatori

Perficient Wins EX Impact Award for Diversity, Equity, Inclusion, and Belonging

CVE-2024-49835 – Apple Safari Heap Overflow

CVE-2025-5543 – TOTOLINK X2000R Cross-Site Scripting Vulnerability in Parent Controls Page

How to configure a Linked Server between Amazon RDS for SQL Server and Teradata database

Linux Boot Process? Best Geeks Know It!

Preparing for the New Normal: Synthetic Identities and Deepfake Threats

CVE-2025-4419 – WordPress Hot Random Image Path Traversal Vulnerability

Related Posts