CVE-2025-2004
published 2025-04-08
CVE-2025-2004: The Simple WP Events plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wpe_delete_file AJAX action…
Priority P260 · critical · 9.1 · CVSS 3.1
AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:H / A:H
EPSS: 0.77% (50.9th percentile)
The Simple WP Events plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wpe_delete_file AJAX action in all versions up to, and including, 1.8.17. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). CVE-2025-32509 is a duplicate of this.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | azl3_cmake_3.29.6-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_cmake_3.30.3-2_on_azure_linux_3.0 | — | — |
| msrc | azl3_curl_8.5.0-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_curl_8.8.0-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_libid3tag_0.16.3-7_on_azure_linux_3.0 | — | — |
| msrc | azl3_mysql_8.0.36-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_mysql_8.0.40-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_rust_1.75.0-14_on_azure_linux_3.0 | — | — |
| msrc | azl3_rust_1.86.0-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_tensorflow_2.16.1-9_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl2_curl_8.5.0-2_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_curl_8.8.0-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_libid3tag_0.15.1b-33_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_mysql_8.0.36-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_mysql_8.0.40-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_rust_1.72.0-10_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_tensorflow_2.11.1-2_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| wpminds | simple_wp_events | <= 1.8.17 | — |
CVSS provenance
nvd · v3.1 · 9.1 · CRITICAL · CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
vendor_msrc · 7.5 · HIGH
vendor_redhat · 5.5 · MEDIUM
GHSA
GHSA-9p3c-x238-grgc: The Simple WP Events plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wpe_delete_file AJA
ghsa_unreviewed·2025-04-08
CVE-2025-2004 [CRITICAL] CWE-73 GHSA-9p3c-x238-grgc: The Simple WP Events plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wpe_delete_file AJA
The Simple WP Events plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wpe_delete_file AJAX action in all versions up to, and including, 1.8.17. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
Red Hat
kernel: net: ravb: Fix missing rtnl lock in suspend/resume path
vendor_redhat·2025-02-27·CVSS 5.5
CVE-2025-21801 [MEDIUM] kernel: net: ravb: Fix missing rtnl lock in suspend/resume path
In the Linux kernel, the following vulnerability has been resolved:
net: ravb: Fix missing rtnl lock in suspend/resume path
Fix the suspend/resume path by ensuring the rtnl lock is held where
required. Calls to ravb_open, ravb_close and wol operations must be
performed under the rtnl lock to prevent conflicts with ongoing ndo
operations.
Without this fix, the following warning is triggered:
[ 39.032969] =============================
[ 39.032983] WARNING: suspicious RCU usage
[ 39.033019] -----------------------------
[ 39.033033] drivers/net/phy/phy_device.c:2004 suspicious
rcu_dereference_protected() usage!
...
[ 39.033597] stack backtrace:
[ 39.033613] CPU: 0 UID: 0 PID: 174 Comm: python3 Not tainted
6.13.0-rc7-next-2025011
Microsoft
Usage of disabled protocol
vendor_msrc·2024-03-12·CVSS 3.5
CVE-2024-2004 [LOW] CWE-436 Usage of disabled protocol
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
curl: curl
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://learn.microsoft.com/en-us/azure/azur
Microsoft
id3_utf16_deserialize() in utf16.c in libid3tag through 0.15.1b misparses ID3v2 tags encoded in UTF-16 with an odd number of bytes, triggering an endless loop allocating memory until an OOM condition
vendor_msrc·2018-02-13·CVSS 7.5
CVE-2004-2779 [HIGH] id3_utf16_deserialize() in utf16.c in libid3tag through 0.15.1b misparses ID3v2 tags encoded in UTF-16 with an odd number of bytes, triggering an endless loop allocating memory until an OOM condition
id3_utf16_deserialize() in utf16.c in libid3tag through 0.15.1b misparses ID3v2 tags encoded in UTF-16 with an odd number of bytes, triggering an endless loop allocating memory until an OOM condition is reached, leading to denial-of-service (DoS).
Citrix
Citrix Security Bulletin CTX105650
vendor_citrix·CVSS 5.0
CVE-2004-1077 [MEDIUM] Citrix Security Bulletin CTX105650
CVE References: CVE-2004-1077, CVE-2004-1078, CVE-2025-12101, CVE-2025-62626, CVE-2026-23554, CVE-2026-3055, CVE-2026-4368, CVE-2026-4397
Affected Products: Citrix ADM, Citrix Hypervisor, Citrix Virtual Apps and Desktops, Endpoint Management, NetScaler ADC, NetScaler Gateway, XenServer
Suricata
ET WEB_SPECIFIC_APPS Kentico Xperience CMS Authentication Bypass Attempt (CVE-2025-2746)
suricata·2025-04-03·CVSS 9.8
CVE-2025-2746 [CRITICAL] ET WEB_SPECIFIC_APPS Kentico Xperience CMS Authentication Bypass Attempt (CVE-2025-2746)
Rule: alert http1 any any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Kentico Xperience CMS Authentication Bypass Attempt (CVE-2025-2746)"; flow:established,to_server; http.method; content:"POST"; http.uri; bsize:33; content:"/CMSPages/Staging/SyncServer.asmx"; fast_pattern; http.header; content:"SOAPAction|3a 20 22 3c|http|3a 2f 2f|localhost|2f|SyncWebService|2f|SyncServer|2f|ProcessSynchronizationTaskData|3e 22|"; http.request_body; content:"|3c|soap|3a|Header|3e|"; content:"|3c|wsse|3a|UsernameToken|3e|"; within:300; content:"|3c|wsse|3a|Username|3e|"; within:30; content:"|3c|wsse|3a|Password|20|Type|3d 22 3c|http|3a|//docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0|23|P
No public exploits indexed.
No writeups or analysis indexed.
https://plugins.trac.wordpress.org/browser/simple-wp-events/trunk/admin/includes/wp-events-export-events.php#L399
https://plugins.trac.wordpress.org/changeset/3280966/simple-wp-events/trunk/admin/includes/wp-events-export-events.php
https://www.wordfence.com/threat-intel/vulnerabilities/id/abdca93e-f68d-4a96-8bd7-443ee46ccb5a?source=cve
2025-04-08
Published