Cyber Attack Halts Marks & Spencer Online Orders


Today’s Cybersecurity Update: A Mixed Bag of WordPress Flaws, Ransomware Rumbles, and Retail Disruptions

Good day, cybersecurity enthusiasts! In today’s roundup we’re looking at a variety of vulnerabilities – spanning WordPress plugin issues, a zero-day in SAP NetWeaver, and even a disruption at one of the UK’s retail giants. Grab a cuppa as we unpack these incidents in plain language and add a dash of light-hearted commentary.

WordPress Plugin Vulnerabilities in Focus

Several WordPress plugins have found themselves in the spotlight:

Airtable Aeropage Sync for WordPress (CVE-2025-3914): A missing file type validation in the aeropage_media_downloader function (up to version 3.2.0) has enabled authenticated attackers – even those with Subscriber-level access – to potentially upload arbitrary files. A serious flaw with a severity rating of 8.8, it could pave the way to remote code execution.

Integração entre Eduzz e WooCommerce (CVE-2025-3906): This vulnerability, affecting versions up to 1.7.5, allows an attacker to modify plugin data by altering default registration roles. With the same high severity of 8.8, the flaw might let a miscreant turn a normal user into an administrator – a risk no one wants.

Jupiter X Core (CVE-2025-2105): The deserialization of untrusted input via the raven_download_file function exposes servers to PHP Object Injection in versions up to 4.8.11. While the absence of a ready-made POP chain somewhat limits the immediate impact, it does raise the stakes when considered in combination with other plugins or themes.

Xpro Elementor Addons – Pro (CVE-2024-13808): A client-side control weakness in the custom PHP widget affects versions up to 1.4.9, potentially allowing code execution by anyone with at least Contributor-level permissions.
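The first and third items above describe two recurring WordPress plugin defects: an upload handler that checks neither the caller's capability nor the file type, and a handler that feeds untrusted input to unserialize(). The following is an added example, not code from any of the plugins named here, showing how a WordPress upload endpoint and a deserialization helper look when those checks are present. The function and action names (secure_media_download_handler, decode_untrusted_payload, the secure_media_download AJAX action and nonce) are hypothetical; wp_check_filetype_and_ext(), wp_handle_upload(), current_user_can() and check_ajax_referer() are standard WordPress APIs.

```php
<?php
// Added example (hypothetical plugin code, not from Aeropage Sync or Jupiter X Core).

// 1. Upload handling: capability check, CSRF nonce, then file type validation.
function secure_media_download_handler() {
    // Subscribers do not hold upload_files, so they are stopped before any
    // file is touched; this is the gate the vulnerable handler lacked.
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'insufficient permissions', 403 );
    }
    // Nonce tied to the action, so a logged-in user cannot be driven here by CSRF.
    check_ajax_referer( 'secure_media_download', 'nonce' );

    if ( empty( $_FILES['file'] ) || ! is_uploaded_file( $_FILES['file']['tmp_name'] ) ) {
        wp_send_json_error( 'no file', 400 );
    }
    $file = $_FILES['file'];

    // Extension and MIME type are checked against the site's allowed list;
    // for images and several other types WordPress also sniffs the content,
    // so a PHP script renamed to .jpg is rejected here.
    $check = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'] );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        wp_send_json_error( 'file type not allowed', 415 );
    }

    // wp_handle_upload() moves the file into the uploads directory with a
    // sanitised, unique filename and repeats the type check.
    $result = wp_handle_upload( $file, array( 'test_form' => false ) );
    if ( isset( $result['error'] ) ) {
        wp_send_json_error( $result['error'], 400 );
    }
    wp_send_json_success( array( 'url' => $result['url'] ) );
}
add_action( 'wp_ajax_secure_media_download', 'secure_media_download_handler' );

// 2. Untrusted payloads: never let unserialize() instantiate classes.
function decode_untrusted_payload( string $raw ) {
    // Preferred: JSON carries data only and has no object-instantiation semantics.
    $data = json_decode( $raw, true );
    if ( json_last_error() === JSON_ERROR_NONE ) {
        return $data;
    }
    // Legacy serialized input: forbid every class. Any O:... token becomes a
    // __PHP_Incomplete_Class, so no magic method runs and no gadget chain
    // from another plugin or theme can be reached through this call.
    return unserialize( $raw, array( 'allowed_classes' => false ) );
}
```

The two defences are independent: the capability and nonce checks decide who may reach the handler at all, while the type validation and the allowed_classes restriction limit what a permitted caller can make the server do. Keeping both is what turns a Subscriber-level upload or a crafted serialized string from a code-execution path into a rejected request.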

Additional Vulnerabilities Spanning Platforms

Beyond WordPress, several other vulnerabilities have also emerged:

ScreenConnect ASP.NET (CVE-2025-3935): Versions up to 25.2.3 might suffer from a ViewState code injection scenario. While machine keys – essential for decoding the state – are required by an attacker, the risk of remote code execution cannot be overlooked.

Codeastro Bus Ticket Booking System (CVE-2025-25775): A critical SQL injection flaw (rating 9.8) in version 1.0, triggered via the kodetiket parameter, stands as a stark reminder of the continual threat posed by poorly validated inputs.
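To make the "poorly validated inputs" point concrete, here is an added example (not Codeastro's code) of a ticket lookup written twice: once with the value interpolated into the SQL text, which is the bug class CVE-2025-25775 describes, and once as a prepared statement. The table and column names (tickets, kode_tiket, passenger, seat) and the constructed rows are hypothetical; only the kodetiket parameter name comes from the advisory. The demo runs against an in-memory SQLite database so it needs nothing but PHP with PDO.

```php
<?php
// Added example (hypothetical schema, constructed sample rows).

function find_ticket_vulnerable( PDO $db, string $kodetiket ): array {
    // User input is pasted into the SQL text, so a value containing a quote
    // changes the structure of the query rather than just the value compared.
    $sql = "SELECT id, passenger, seat FROM tickets WHERE kode_tiket = '$kodetiket'";
    return $db->query( $sql )->fetchAll( PDO::FETCH_ASSOC );
}

function find_ticket_safe( PDO $db, string $kodetiket ): array {
    // Defence in depth: ticket codes have a known shape, so reject anything
    // else before it reaches the database at all (pattern is hypothetical).
    if ( ! preg_match( '/^[A-Z]{3}-\d{3}$/', $kodetiket ) ) {
        return array();
    }
    // Prepared statement: the driver sends the SQL text and the value
    // separately, so the input is never parsed as SQL.
    $stmt = $db->prepare( 'SELECT id, passenger, seat FROM tickets WHERE kode_tiket = :kode' );
    $stmt->execute( array( ':kode' => $kodetiket ) );
    return $stmt->fetchAll( PDO::FETCH_ASSOC );
}

// Self-contained demo on a throwaway in-memory database.
$db = new PDO( 'sqlite::memory:' );
$db->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
$db->exec( 'CREATE TABLE tickets (id INTEGER PRIMARY KEY, kode_tiket TEXT, passenger TEXT, seat TEXT)' );
$db->exec( "INSERT INTO tickets (kode_tiket, passenger, seat)
            VALUES ('TKT-001', 'A. Example', '12A'), ('TKT-002', 'B. Example', '12B')" );

$legit   = 'TKT-001';
$hostile = "' OR '1'='1";   // the textbook tautology, used here only to show the difference

printf( "legit   vulnerable=%d safe=%d\n",
    count( find_ticket_vulnerable( $db, $legit ) ),
    count( find_ticket_safe( $db, $legit ) ) );
printf( "hostile vulnerable=%d safe=%d\n",
    count( find_ticket_vulnerable( $db, $hostile ) ),
    count( find_ticket_safe( $db, $hostile ) ) );
```

With the legitimate code both functions return the single matching row. With the hostile value the interpolated query returns every ticket in the table, while the prepared statement returns none, because no ticket has that literal code and the allow-list check never even lets it reach the database.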

Commvault Web Server (CVE-2025-3928): A vulnerability that could allow remote attackers to execute webshells. Thanks to recent updates (versions 11.36.46, 11.32.89, 11.28.141, and 11.20.217), administrators should ensure systems across both Windows and Linux are patched.

Zero-Day and High-Profile Exploits

A particularly critical alert comes from the world of enterprise IT:

SAP NetWeaver Zero-Day (CVE-2025-31324): With a maximum CVSS score of 10.0, this unauthenticated file upload vulnerability has already been exploited by threat actors in the wild. The flaw centres on the Metadata Uploader component, lacking crucial authorisation checks. As organisations rush to apply the out-of-band patch (outlined in SAP security note #3594142), this serves as a timely reminder of how swiftly high-impact zero-days can force pivotal security changes.

Moodle and Craft CMS: Remote Code Execution and More

The education and CMS sectors are also feeling the heat:

Moodle Vulnerabilities (CVE-2025-3642, CVE-2025-3641, CVE-2025-3638): From remote code execution risks in the EQUELLA and Dropbox repositories to a CSRF flaw in the Brickfield tool, these bugs highlight the importance of timely updates and vigilant monitoring—even on tools generally restricted to teachers and managers.

Craft CMS (CVE-2025-32432): A critical code execution flaw, with a severity of 10.0, affects a range of versions. With remote code execution now a very real possibility, users are urged to upgrade to the patched releases immediately.

Retail Under Siege and Cyber Extortion Takes a New Spin

In other news shaking up the headlines:

• Marks & Spencer has temporarily halted online orders as a result of a disruptive cyber attack. This incident not only affected contactless payments and click-and-collect services in-store but also amplifies concerns around ransomware and overall operational resilience.

• A curious case has emerged with “DOGE-Trolling Ransomware Hackers” demanding an astronomical $1 trillion. Though the note carries an absurd superstar-level demand reminiscent of Elon Musk’s tweets, it underscores the increasingly bold and unpredictable tactics of cybercriminals.

It appears that even traditional retailers and widely-used software suites are not immune to the evolving threat landscape. Such incidents reinforce the necessity for regular vulnerability assessments, timely patching, and robust incident response strategies.

At Synergos Consultancy, we’re well aware that these cybersecurity challenges can impact businesses of all sizes. Whether you’re dealing with compliance requirements or simply need guidance on mitigating these risks, our team is here to help ensure your digital operations remain secure and compliant. Remember, a stitch in time saves nine—even in the world of cybersecurity!

Here’s to staying informed, securing our systems, and not letting these vulnerabilities catch us off guard. Until next time, keep your firewalls high and your malware low!


Adam Cooke
As the Operations and Compliance Manager, Adam oversees all aspects of the business, ensuring operational efficiency and regulatory compliance. Committed to high standards, he ensures everyone is heard and supported. With a strong background in the railway industry, Adam values rigorous standards and safety. Outside of work, he enjoys dog walking, gardening, and exploring new places and cuisines.