Critical WordPress Security Flaw in Everest Forms Plugin
UAE Cyber Security Council has observed a critical vulnerability in Everest Forms WordPress
plugin
VulnerabilityManagement
Apple’s USB Restricted Mode Exploited in Targeted Attacks
| OEM | Apple |
| Severity | High |
| CVSS | Not Assigned |
| CVEs | CVE-2025-24200 |
| Exploited in Wild | No |
| Patch/Remediation Available | Yes |
| Advisory Version | 1.0 |
Overview
Apple has issued emergency security patches to mitigate a zero-day vulnerability, CVE-2025-24200, which has been actively exploited in sophisticated attacks targeting specific individuals. The flaw allows attackers to bypass USB Restricted Mode on a locked device, potentially exposing sensitive data. Initially identified by The Citizen Lab, this vulnerability is believed to have been leveraged in real-world scenarios against high-profile targets. Apple has responded by enhancing state management in iOS 18.3.1 and iPadOS 18.3.1 to prevent exploitation.
| Vulnerability Name | CVE ID | Product Affected | Severity |
| USB Restricted Mode Bypass Vulnerability | CVE-2025-24200 | Apple | High |
Technical Summary
The vulnerability, tracked as CVE-2025-24200, affects USB Restricted Mode, a security feature introduced in 2018 to prevent data transfer over USB when a device remains locked for seven days. A flaw in the Accessibility framework allows an attacker with physical access to disable USB Restricted Mode, bypassing this protection and potentially accessing sensitive data.
Apple has mentioned “This issue has been exploited in extremely sophisticated attacks against specific individuals.” The vulnerability was discovered by Bill Marczak, a senior researcher at The Citizen Lab.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-24200 | iPhone XS and later iPad Pro (13-inch) iPad Pro 12.9-inch (3rd generation and later) iPad Pro 11-inch (1st generation and later) iPad Air (3rd generation and later) iPad (7th generation and later) iPad mini (5th generation and later) | A flaw in the Accessibility framework allows a physical attacker to disable USB Restricted Mode, bypassing protections designed to prevent unauthorized data transfer. | Unauthorized access to sensitive data |
Remediation:
- Users are strongly advised to update their devices to the latest versions:
- iOS: Update to version 18.3.1
- iPadOS: Update to version 18.3.1
- To update your device, go to Settings > General > Software Update, and follow the on-screen instructions.
Conclusion
The CVE-2025-24200 vulnerability poses a serious risk to device security, particularly for individuals targeted in sophisticated cyberattacks. While the exploitation has been limited to specific individuals, all users of affected devices should install the latest updates immediately to mitigate potential risks. Apple remains committed to user security by addressing vulnerabilities promptly and ensuring continuous protection against emerging threats.
References:
Apple Patched Actively Exploited Zero-Day Vulnerability
Summary
CVE-2025-24085 is a zero-day vulnerability in Apple’s “Core Media framework” which enables malicious applications to potentially gain elevated privileges on impacted devices. It falls under the “Memory Corruption vulnerability category”, posing significant security risks such as unauthorized access to sensitive data or potential device control.
| OEM | Apple Inc |
| Severity | High |
| CVEs | CVE-2025-24085 |
| Exploited in Wild | Yes |
| Patch/Remediation Available | Yes |
| Advisory Version | 1.0 |
| Vulnerability Name | CVE ID | Product Affected | Severity | Affected Version |
| Privilege escalation vulnerability | CVE-2025-24085 | Apple | High | iPhone-XS and later, macOS Sequoia iPad-Pro (3rd generation and later), iPad Air (3rd generation and later), iPad (7th generation and later), iPad mini (5th generation and later) Apple Watch: Series 6 and later Apple TV: All models |
Technical Summary
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-24085 | iPhone, iPad, Mac, Apple Watch, Apple TV | CVE-2025-24085 is a memory management vulnerability in Apple’s Core Media framework, responsible for processing audio and video content. The vulnerability stems from improper handling of media data, allowing attackers to execute arbitrary code with elevated privileges. It can be remotely exploited through malicious media files, creating significant security risks. | Arbitrary Code Execution, Privilege Escalation, Sensitive Data Exposure, Remote Exploitation via Media Files |
Remediation:
- Update: Ensure the latest patches are applied to affected Apple devices as listed below
| Affected Version(s) | Fixes and Releases |
| iOS 17.2 and later | iOS 18.3 |
| iPadOS 17.2 and later | iPadOS 18.3 |
| macOS Sequoia (all previous versions) | macOS Sequoia 15.3 |
| watchOS 10.3 and later | watchOS 11.3 |
| tvOS 17.2 and later | tvOS 18.3 |
| visionOS 1.3 and later | visionOS 2.3 |
Apple has fixed this vulnerability in these software versions. Update devices immediately to mitigate the risk of exploitation.
General Recommendations:
- Untrusted Media: Avoid opening suspicious media files, emails, or links from unknown sources, as the vulnerability can be exploited remotely via malicious media.
- Automatic Updates: Enable automatic updates on all Apple devices to ensure timely installation of future security patches.
References:
Cisco Meeting Management to Prone to Attack Vectors; Vulnerability CVE-2025-20156
Cisco has warned about a new privilege escalation vulnerability in its Meeting Management tool that could allow a remote attacker to gain administrator privileges on exposed instances.
The vulnerability, CVE-2025-20156 was disclosed by Cisco on January 22 and is awaiting further analysis by the US National Vulnerability Database (NVD)
| OEM | Cisco |
| Severity | Critical |
| CVSS | 9.9 |
| CVEs | CVE-2025-20156 |
| Exploited in Wild | No |
| Patch/Remediation Available | Yes |
| Advisory Version | 1.0 |
Overview
A critical vulnerability (CVE-2025-20156) in Cisco Meeting Management could allow attackers to gain unauthorized administrative access. This issue affects versions prior to 3.9.1 and has been classified as critical. Cisco strongly recommends updating to the latest fixed version to address this risk.
| Vulnerability Name | CVE ID | Product Affected | Severity |
| Privilege Escalation Vulnerability | CVE-2025-20156 | Cisco | Critical |
Technical Summary
A critical security vulnerability has been identified in Cisco Meeting Management. This flaw resides in the REST API and stems from improper enforcement of authorization protocols for REST API users. Remote, authenticated attackers with low-level privileges can exploit this issue by sending specially crafted API requests to specific endpoints. A successful exploit could allow attackers to escalate their privileges to administrator level and gain control over edge nodes managed by Cisco Meeting Management.
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2025-20156 | Cisco Meeting Management prior to version 3.9.1 | Insufficient authorization checks in the REST API allow attackers to send crafted API requests to escalate privileges. | Attackers can gain full administrative control and disrupt business operations. |
Remediation:
- Update to the Latest Version:
- Upgrade Cisco Meeting Management to version 3.9.1or later.
- Regular Security Practices:
- Monitor Cisco’s security advisories.
- Regularly update systems to address emerging threats.
Conclusion:
CVE-2025-20156 poses a critical risk to Cisco Meeting Management users. Exploiting this flaw could disrupt operations by granting attacker’s administrative control. Immediate updates are crucial to mitigate the risk and protect affected systems.
References:
- https://cybersecuritynews.com/cisco-meeting-management-vulnerability/
Privilege Escalation Vulnerability in ComboBlocks Plugin Affects Thousands of Sites
A critical vulnerability in the ComboBlocks WordPress plugin (formerly Post Grid and Gutenberg Blocks) exposes over 40,000 websites to potential complete takeover by unauthenticated attackers. This vulnerability exists due to improper handling of user meta during the registration process, enabling privilege escalation. It affects versions 2.2.85 to 2.3.3 and has been addressed in version 2.3.4.
OEM | WordPress |
Severity | Critical |
Date of Announcement | 2025-01-17 |
CVSS score | 9.8 |
CVE | CVE-2024-9636 |
Exploited in Wild | No |
Patch/Remediation Available | Yes |
Advisory Version | 1.0 |
Overview
ComboBlocks, a plugin designed to enhance website design and functionality, was found to have a critical security flaw (CVE-2024-9636) that could allow unauthenticated attackers to register as administrators, granting them full control over the affected websites.
Vulnerability Name | CVE ID | Product Affected | Severity | CVSS Score |
Unauthenticated Privilege Escalation | CVE-2024-9636 | ComboBlocks WordPress Plugin | Critical | 9.8 |
Technical Summary
CVE ID | System Affected | Vulnerability Details | Impact |
CVE-2024-9636 | ComboBlocks plugin (2.2.85 - 2.3.3) | The vulnerability stems from improper restriction of user meta updates during profile registration. This flaw allows unauthenticated attackers to register as administrators, granting them full control over the website. | Complete website takeover and malware injection. |
Remediations
- Update Plugin: Immediately update the ComboBlocks plugin to version 2.3.4 or later.
- Review Administrative Accounts:
- Audit all user accounts with administrative privileges.
- Revoke any unauthorized access.
- Enhance Security Posture:
- Enable multi-factor authentication (MFA) for all admin accounts.
- Restrict user permissions based on the principle of least privilege.
- Use a web application firewall (WAF) to filter and block malicious traffic.
- Monitor and Log Activity:
- Activate detailed logging for user registration and privilege changes.
- Configure alerts for unusual activity, such as mass registrations or privilege escalations.
- Implement Preventative Measures:
- Regularly update all plugins and themes.
- Backup the WordPress site frequently to ensure quick recovery in case of any compromise.
References
Important Security Alert: SonicWall Issues Patch for SSL-VPN Vulnerabilities
SonicWall has released an Critical advisory urging administrators to address a critical vulnerability in its SSL-VPN product.
The flaw, identified as CVE-2024-53704, poses a significant security risk, allowing attackers to exploit the system remotely. Administrators are strongly encouraged to update their systems immediately to mitigate potential threats. SonicWall has released an Critical advisory urging administrators to address a critical vulnerability in its SSL-VPN product.
Key Details:
- The vulnerability allows unauthenticated remote attackers to execute arbitrary code on affected systems.
- It impacts SonicWall’s SSL-VPN products, widely used for secure remote access.
- Exploitation of this bug could lead to severe consequences, including unauthorized access to sensitive data, network infiltration, and system compromise.
Summary
| OEM | SonicWall |
| Severity | High |
| CVSS | 8.2 |
| CVEs | CVE-2024-53704 |
| Exploited in Wild | No |
| Patch/Remediation Available | Yes |
| Advisory Version | 1.0 |
Overview
The security flaw, tracked as CVE-2024-53704, presents a serious risk, enabling remote exploitation by attackers. Administrators are highly advised to apply the necessary patches without delay to protect against potential threats.
| Vulnerability Name | CVE ID | Product Affected | Severity | Affected Version |
| Improper Authentication | CVE-2024-53704 | SonicWall | High | 7.1.x (7.1.1-7058 and older), 7.1.2-7019 8.0.0-8035 |
| A privilege escalation vulnerability | CVE-2024-53706 | SonicWall | High | 7.1.x (7.1.1-7058 and older), 7.1.2-7019 |
| A weakness in the SSLVPN authentication token generator | CVE-2024-40762 | SonicWall | High | 7.1.x (7.1.1-7058 and older), 7.1.2-7019 |
| A server-side request forgery (SSRF) vulnerability | CVE-2024-53705 | SonicWall | Medium | 6.5.4.15-117n and older 7.0.x (7.0.1-5161 and older) |
Technical Summary
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2024-53704 | Gen7 Firewalls, Gen7 NSv, TZ80 | An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication. | Bypass authentication |
| CVE-2024-53706 | Gen7 Cloud Platform NSv | A vulnerability in the Gen7 SonicOS Cloud platform NSv (AWS and Azure editions only), allows a remote authenticated local low-privileged attacker to elevate privileges to `root` and potentially lead to code execution. | Allow attackers to gain root privileges and potentially execute code. |
| CVE-2024-40762 | Gen7 Firewalls, Gen7 NSv, TZ80 | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN authentication token generator that, in certain cases, can be predicted by an attacker potentially resulting in authentication bypass. | Weak PRNG in authentication tokens can lead to authentication bypass in SSLVPN. |
| CVE-2024-53705 | Gen6 Hardware Firewalls, Gen7 Firewalls, Gen7 NSv | A Server-Side Request Forgery vulnerability in the SonicOS SSH management interface allows a remote attacker to establish a TCP connection to an IP address on any port when the user is logged in to the firewall. | Allow attackers to establish TCP connections to arbitrary IP addresses and ports |
Remediation:
- Update: Impacted users are recommended to upgrade to the following versions to address the security risk:
| Firewalls Versions | Fixes and Releases |
| Gen 6 / 6.5 hardware firewalls | SonicOS 6.5.5.1-6n or newer |
| Gen 6 / 6.5 NSv firewalls | SonicOS 6.5.4.v-21s-RC2457 or newer |
| Gen 7 firewalls | SonicOS 7.0.1-5165 or newer; 7.1.3-7015 and higher |
| TZ80: SonicOS | SonicOS 8.0.0-8037 or newer |
Recommendations:
- Patch Without Delay: Install the latest firmware update from SonicWall to resolve this vulnerability. Detailed instructions are available in SonicWall’s official advisory.
- Monitor Network Activity: Regularly monitor network traffic for signs of suspicious or unauthorized access.
- Limit Access: Restrict VPN access to trusted users and enforce Multi-Factor Authentication (MFA) for all accounts.
- Stay Updated: Subscribe to SonicWall’s security alerts and updates to stay informed about upcoming vulnerabilities.
References:
GitLab Releases Patch to Fix Critical and High-Severity Vulnerabilities
GitLab releases fixes for vulnerabilities in patch releases. There are two types of patch releases: scheduled releases, and ad-hoc critical patches for high-severity vulnerabilities.
Summary
| OEM | Gitlab |
| Severity | High |
| CVEs | CVE-2024-5655, CVE-2024-6385, CVE-2024-6678, CVE-2024-8970, CVE-2025-0194, CVE-2024-6324, CVE-2024-12431, CVE-2024-13041 |
| Exploited in Wild | No |
| Patch/Remediation Available | Yes |
| Advisory Version | 1.0 |
Overview
The vulnerabilities could potentially impact unauthorized access, data manipulation, and service disruption. These have been disclosed through GitLab’s HackerOne bug bounty program. Latest Versions 17.7.1, 17.6.3, and 17.5.5 are now available for immediate download and upgrade to address these issues.
| Vulnerability Name | CVE ID | Product Affected | Severity |
| Import Functionality Vulnerabilities | CVE-2024-6385 | GitLab CE/EE | Critical |
| Import Functionality Vulnerabilities | CVE-2024-5655 | GitLab CE/EE | High |
| Import Functionality Vulnerabilities | CVE-2024-6678 | GitLab CE/EE | High |
| Import Functionality Vulnerabilities | CVE-2024-8970 | GitLab CE/EE | High |
| Access Token Exposure in Logs | CVE-2025-0194 | GitLab CE/EE | Medium |
| Cyclic Reference of Epics Leading to DoS | CVE-2024-6324 | GitLab CE/EE | Medium |
| Unauthorized Manipulation of Issue Status | CVE-2024-12431 | GitLab CE/EE | Medium |
| Instance SAML Bypass | CVE-2024-13041 | GitLab CE/EE | Medium |
Technical Summary
This update addresses several significant vulnerabilities identified in GitLab CE/EE:
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2024-6385 | GitLab CE/EE | Vulnerability in import functionality allowing potential exploitation | Allows attackers to exploit the system. |
| CVE-2024-5655 | |||
| CVE-2024-6678 | |||
| CVE-2024-8970 | |||
| CVE-2025-0194 | GitLab CE/EE | Possible exposure of access tokens in logs under certain conditions. | Potential unauthorized access to sensitive resources. |
| CVE-2024-6324 | GitLab CE/EE | Cyclic references between epics could lead to resource exhaustion, causing a Denial of Service (DoS). | Service disruption due to resource exhaustion. |
| CVE-2024-12431 | GitLab CE/EE | Unauthorized users could manipulate issue statuses in public projects, potentially disrupting workflows. | Workflow disruption and compromised data integrity. |
| CVE-2024-13041 | GitLab CE/EE | Flaw in instance SAML configuration allowing bypass of external provider settings. | Unauthorized access to internal projects or groups. |
Key Changes to Import Functionality:
- Post-import mapping: This new feature allows administrators to assign imported contributions and memberships to users after the import process is complete, enhancing control and security.
- Email-independent mapping: The updated mapping process no longer relies on email addresses, providing greater flexibility and security when importing from instances with different email domains.
- User control: Users on the destination instance now have the power to accept or reject assigned contributions, adding another layer of security and preventing unauthorized access.
Remediation:
- Upgrade GitLab Instances: All users are strongly advised to upgrade to versions 17.7.1, 17.6.3, or 17.5.5 immediately to mitigate these vulnerabilities.
- Disable Importers Temporarily: Until upgrades are complete, disable importers to avoid exploitation. If import functionality is essential, enable it only during the import process and disable it afterward.
- Adopt Updated Features: Leverage the new post-import mapping, email-independent mapping, and user control enhancements for increased security.
Conclusion:
The vulnerabilities addressed in this patch release highlight the importance of timely updates and proactive security measures. GitLab’s redesign of its import functionality and the prompt patch release demonstrate a commitment to user security. Upgrading to the latest patched versions and adhering to the recommended actions is critical to maintaining a secure environment.
References:
Image
Critical Windows Privilege Escalation Vulnerability with Public Exploit
Cybersecurity researchers reported a critical Windows privilege escalation vulnerability, identified as CVE-2024-43641 affecting Microsoft Windows. This flaw, which affects various editions of Windows Server 2025, Windows 10, and Windows 11, has been assigned a CVSS v3.1 score of 7.8, indicating high severity.
Summary
| OEM | Microsoft |
| Severity | High |
| CVSS | 7.8 |
| CVEs | CVE-2024-43641 |
| Exploited in Wild | No |
| Patch/Remediation Available | Yes |
| Advisory Version | 1.0 |
Overview
A significant Windows Registry Elevation of Privilege vulnerability, identified as CVE-2024-43641, affects multiple editions of Windows. A recently released Proof-of-Concept (PoC) exploit demonstrates how attackers can exploit this flaw to gain elevated privileges.
| Vulnerability Name | CVE ID | Product Affected | Severity |
| Windows Registry Elevation of Privilege Vulnerability | CVE-2024-43641 | Windows | High |
Technical Summary
The vulnerability, CVE-2024-43641, exploits a design flaw in Windows registry hive memory management, specifically during a double-fetch process under memory pressure. This flaw allows malicious SMB servers to respond with differing data for consecutive read requests, breaking kernel assumptions and enabling privilege escalation to SYSTEM level. Key technical details are as follows:
| CVE ID | System Affected | Vulnerability Details | Impact |
| CVE-2024-43641 | Windows 10, Windows 11, Windows Server 2008–2025 | The vulnerability involves improper handling of registry hive memory management under memory pressure. A malicious SMB server can respond with differing data to consecutive read requests, breaking kernel assumptions. Exploitation leverages a “False File Immutability” (FFI) condition. | Allows attackers to escalate privileges, execute arbitrary code, and compromise system integrity. |
Remediation:
- Apply Patches: Users and system administrators are strongly advised to promptly apply the latest security updates.
- Monitor Activity:
- Monitor logs for suspicious activity related to registry operations.
- The cybersecurity community is actively monitoring the situation for any indications of active exploitation in the wild.
Conclusion:
CVE-2024-43641 is a high-severity vulnerability with a publicly available PoC exploit. It is crucial to apply security patches immediately and follow best practices to mitigate the risk of exploitation. Organizations must stay alert and monitor ongoing developments to ensure complete protection against this emerging threat.
References:
Critical Flaw in WordPress Hunk Companion Plugin Enables Unauthorized Plugin Installation
Summary
OEM | WordPress |
Severity | Critical |
Date of Announcement | 2024-12-13 |
CVSS score | 9.8 |
CVE | CVE-2024-11972 |
Exploited in Wild | Yes |
Patch/Remediation Available | Yes |
Advisory Version | 1.0 |
Overview
A Critical flaw in the WordPress Hunk Companion plugin has been actively exploited to enable unauthorized installation and activation of plugins. This vulnerability stems from insufficient authorization checks on a REST API endpoint. Exploited sites may see attackers silently install malicious or outdated plugins, leading to severe security risks, including remote code execution (RCE), unauthorized access, and website compromise.
Vulnerability Name | CVE ID | Product Affected | Severity | CVSS Score |
Hunk Companion Plugin Vulnerability | CVE-2024-11972 | Hunk Companion Plugin for WordPress | Critical | 9.8 |
Technical Summary
CVE ID | System Affected | Vulnerability Details | Impact |
CVE-2024-11972 | Hunk Companion plugin versions prior to 1.8.4 | This vulnerability is caused by improper validation mechanisms in the file hunk-companion/import/app/app.php, a script responsible for handling plugin import and installation processes. At its core, the bug permits unauthenticated requests to bypass critical permission checks intended to ensure that only authorized users can install plugins. | This vulnerability potentially leads to remote code execution, unauthorized access, and full website compromise. |
Remediations
- “Hunk Companion” WordPress plugin, should update to version 9.0 or later.
General Recommendations
- Regularly inspect your WordPress site for unknown plugins or modifications.
- Reducing the risk of delayed patching can be achieved by enabling automatic updates for all plugins
- Review server and WordPress logs for unauthorized login attempts to detect possible compromise.
- Keep all plugins, themes, and WordPress core updated. Use strong, unique passwords and enable two-factor authentication for admin accounts.