CVE-2025-11499
Published 2025-11-01
CVE-2025-11499: The Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress is vulnerable to arbitrary file uploads due to missing…
Priority P272 · critical · 9.8 · CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS 0.97% (57.6th percentile)
The Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_featured_image_from_external_url() function in all versions up to, and including, 1.1.32. This makes it possible for unauthenticated attackers to upload arbitrary files to the affected site's server, which may make remote code execution possible in configurations where unauthenticated users have been provided with a method for adding featured images and the workflow trigger has been created.
No detection rules found.
No public exploits indexed.
Securelist
From cheats to exploits: Webrat spreading via GitHub
blogs_securelist · 2025-12-23 · CVSS 9.8 · [CRITICAL]
Author: Maxim Starodubov
In early 2025, security researchers uncovered a new malware family named Webrat. Initially, the Trojan targeted regular users by disguising itself as cheats for popular games like Rust, Counter-Strike, and Roblox, or as cracked software. In September, the attackers decided to widen their net: alongside gamers and users of pirated software, they are now targeting inexperienced professionals and students in the information security field.
## Distribution and the malicious sample
In October, we uncovered a campaign that had been distributing Webrat via GitHub repositories since at least September. To lure in victims, the attackers leveraged vulnerab
References
https://plugins.trac.wordpress.org/browser/tablesome/trunk/workflow-library/actions/wp-post-creation.php#L309
https://plugins.trac.wordpress.org/changeset/3386484/tablesome/trunk/workflow-library/actions/wp-post-creation.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/2be770c7-7aa2-430b-981d-5d81fe068bef?source=cve
Published: 2025-11-01