The vulnerability exists in the way the Front-End Users plugin handles file uploads through registration forms. There is no proper file extension validation, authentication checks, or file type ...
Sitecore patched a critical zero-day deserialization flaw affecting legacy deployments. Threat actors exploited the vulnerability to deploy malware like WeepSteel. Mandiant intervened mid-attack, ...
Threat actors have been exploiting a zero-day vulnerability in legacy Sitecore deployments to deploy WeepSteel reconnaissance malware. The flaw, tracked under CVE-2025-53690, is a ViewState ...
Attackers are leveraging a sample machine key in Sitecore products for initial access before ViewState code injections lead to escalated privileges and lateral movement across the network. A sample ...
Use number prefixes in your file names to define a custom order, and use drag-and-drop in the file explorer to update that order. Find the plugin "File Order" in the community plugin list in Obsidian ...