WP Advanced Custom Fields Extended plugin bug gives admin

Your friendly reminder to minimize the WordPress plugins you deploy to what you actually need. BleepingComputer has an article:

A critical-severity vulnerability in the Advanced Custom Fields: Extended (ACF Extended) plugin for WordPress can be exploited remotely by unauthenticated attackers to obtain administrative permissions.

ACF Extended, currently active on 100,000 websites, is a specialized plugin that extends the capabilities of the Advanced Custom Fields (ACF) plugin with features for developers and advanced site builders.

Unauthenticated privilege escalation to get admin is about as bad as it gets. Though, it does appear the WordPress blog has to have mapped “role” as a custom field. It’s impossible for anyone other than the blog owner to know if that’s the case. Well, probably spammers and scammers seeking sites to compromise and turn into platforms to exploit might, given which ones they successfully turn.

It’s tracked as CVE-2025-14533:

#tenable #vulnerability #Wordpress #wordpressPlugins
ACF plugin bug gives hackers admin on 50,000 WordPress sites

BleepingComputer
Swear to god, if I ever physically encounter someone that works for #Tenable, especially their #Nessus group, and especially the team that's in charge of the nessus-agent for #Linux, I will hose them down with Napalm and set them on fire.

#security
Microsoft Patch Tuesday, December 2025 Edition – Krebs on Security

Heyyyyy #Tenable #Nessus? Can we maybe not run sketchy-looking #PowerShell on my computer? I just happened to catch this in the logs. Kay, thanks.
Private data at risk due to seven ChatGPT vulnerabilities | Tenable®

Tenable research has identified seven vulnerabilities in ChatGPT that could enable an attacker to exfiltrate private information from users' memories and chat histories.

Tenable®

NVD Delays Leave Defenders in the Dark — Early Visibility is Key
Tenable’s recent analysis shows a worrying pattern in vulnerability disclosure timing:
- 63,862 CVEs from 2024–2025
- 56% of PoCs released within 7 days
- NVD lagging by ~15 days
- Exploitation confirmed in as little as 5 days
This gap between CVE assignment, PoC publication, and NVD visibility creates exploitable blind spots for enterprises relying on traditional patch cycles.
💬 Security leaders - how do you bridge these gaps? Do you trust vendor advisories, exploit feeds, or telemetry-driven signals more?

👍 Like and follow @technadu for continuous coverage of emerging vulnerability management insights.

#InfoSec #CyberSecurity #VulnerabilityManagement #ThreatIntel #NVD #Exploit #RiskIntel #Tenable #CVEs #CyberDefense #ZeroDay #CVETracking #VulnDisclosure #TechNadu

Patch Tuesday, October 2025 ‘End of 10’ Edition - Microsoft today released software updates to plug a whopping 172 security holes in its Wi... https://krebsonsecurity.com/2025/10/patch-tuesday-october-2025-end-of-10-edition/ #microsoftpatchtuesdayoctober2025 #microsoftoffice #cve-2025-24990 #cve-2025-59227 #cve-2025-59230 #cve-2025-59234 #cve-2025-59287 #satnamnarang #timetopatch #immersive #kevbreen #tenable
Patch Tuesday, October 2025 ‘End of 10’ Edition – Krebs on Security

🧠 EDR Tools Are Not Exposure Management Solutions.

They’re reactive, not proactive - designed to respond after compromise, not prevent it.
EDR misses entire classes of assets like routers, IoT, and third-party systems.

💬 What’s your approach to achieving full attack surface visibility?

Follow @technadu for more discussions on vulnerability intelligence and exposure reduction.

#CyberSecurity #ExposureManagement #EDR #Tenable #InfoSec #ThreatDetection #VulnerabilityIntelligence #TechNadu