
WordPress: a critical security vulnerability has been identified in the TI WooCommerce Wishlist plugin for WordPress, potentially affecting over 100,000 websites. This flaw, designated as CVE-2025-47577, carries the maximum severity rating with a CVSS score of 10.0. 

The vulnerability arises from improper handling of file uploads within the plugin's code. Specifically, the function responsible for processing file uploads disables essential security checks by setting the 'test_form' and 'test_type' parameters to false. This misconfiguration allows unauthenticated attackers to upload arbitrary files, including malicious scripts, to the server.  

Exploitation of this vulnerability requires the WC Fields Factory plugin to be installed and active, as the vulnerable function is accessible only under these conditions. If exploited, attackers could achieve remote code execution, leading to full compromise of the affected website. 
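To make the misconfiguration concrete, here is an added illustration (not the plugin's own code; function names are hypothetical) of the weak `wp_handle_upload()` call pattern described above beside a hardened handler that keeps WordPress's file-type validation enabled and requires an authorised, nonce-protected request:

```php
<?php
// Added illustration, not code from the TI WooCommerce Wishlist plugin.
// Both function names are hypothetical.

// Weak pattern: both safety checks in wp_handle_upload() are switched off.
// With 'test_type' false, WordPress never validates the extension/MIME type,
// so any file type is accepted; with no capability or nonce check around it,
// an unauthenticated request can reach this code path.
function example_upload_weak( array $file ) {
    return wp_handle_upload( $file, array(
        'test_form' => false,
        'test_type' => false,
    ) );
}

// Hardened pattern: require a logged-in user with the upload_files
// capability, verify a nonce, validate the extension/MIME pair against the
// site's allow-list, and leave 'test_type' enabled so wp_handle_upload()
// performs its own check as well.
function example_upload_hardened( array $file ) {
    if ( ! is_user_logged_in() || ! current_user_can( 'upload_files' ) ) {
        return new WP_Error( 'forbidden', 'Not allowed to upload files.' );
    }
    if ( ! isset( $_POST['_wpnonce'] )
        || ! wp_verify_nonce( $_POST['_wpnonce'], 'example_upload' ) ) {
        return new WP_Error( 'bad_nonce', 'Invalid request.' );
    }
    // Reject anything whose extension/MIME pair is not permitted
    // (get_allowed_mime_types()) before handing it to wp_handle_upload().
    $check = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'] );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        return new WP_Error( 'bad_type', 'File type not permitted.' );
    }
    return wp_handle_upload( $file, array(
        // 'test_form' false is acceptable for a custom handler; it only
        // checks that $_POST['action'] matches the default upload form.
        'test_form' => false,
        // Keep the extension/MIME validation on.
        'test_type' => true,
    ) );
}
```

Disabling `test_form` alone is common in custom handlers; the dangerous combination is `test_type => false` on an endpoint that is reachable without authentication.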

Google has released an urgent security update for its Chrome browser, addressing multiple high-severity vulnerabilities that could lead to remote code execution and data breaches, including the following:

  • CVE-2025-5063: A 'use after free' vulnerability in the Compositing component, which could enable remote code execution.
  • CVE-2025-5280: An 'out-of-bounds write' issue in the V8 JavaScript engine, potentially leading to arbitrary code execution.

Users are strongly advised to update their browsers to mitigate potential risks.   

Mozilla has issued emergency patches for two critical zero-day vulnerabilities in Firefox, which were demonstrated at the Pwn2Own Berlin 2025 competition. These flaws could allow attackers to execute arbitrary code or access sensitive information. 

  • CVE-2025-4918: An 'out-of-bounds access' vulnerability when resolving JavaScript Promise objects, potentially leading to memory corruption and code execution.  
  • CVE-2025-4919: An 'out-of-bounds access' issue during the optimization of linear sums in JavaScript, which could be exploited to execute arbitrary code. 

Recommended Action

Organisations are encouraged to review the appropriate security advisory pages and apply the updates: 

patchstack – Articles 

Google – Chrome Releases 

Mozilla Security Advisory 

If you have any concerns, or have been affected by a cyber-related issue, report it to us by submitting a Cyber Concerns Online Reporting Form.
