PatchDay Alert
Daily Digest · 3 min read · 5 CVEs · Issue 09 · By PatchDay Alert

WordPress auth bypass in one GET request, plus RCE in Krayin CRM

CVE-2026-7567 (CVSS 9.8) lets anyone log into WordPress as a temporary user with a single crafted request. Krayin CRM's compose email function has RCE (CVSS 8.1), and the Pallets Click library has a command injection bug worth checking your Python tooling for.

Patch now: 1 · Within 24h: 1 · This week: 3 · Exploited: 0

Tags: U SPEED N300 Router, Network Appliance, Dbit N300 T1 Pro, Krayin CRM, Linux, Windows, Pallets Click, Python, MacOS, WordPress, Temporary Login Plugin

One ugly WordPress plugin bug sits at the top of today's list. CVE-2026-7567 is a CVSS 9.8 authentication bypass in the Temporary Login plugin that lets an unauthenticated attacker log in as any temporary user with a single crafted GET request. Not exploited in the wild yet, but the bar to exploit it is basically on the floor. Four more CVEs round out the day, including RCE in Krayin CRM and CSRF in two consumer routers.


Today's CVEs

Sorted by urgency

02 · CVE-2026-36956 · CVSS 8.8 (NVD) · HIGH · Patch this week
Tags: Dbit N300 T1 Pro, Network Appliance

Same story, different router. The Dbit N300 T1 Pro V1.0.0 ships with no CSRF tokens or origin validation on its admin API. An attacker can trick a logged-in admin into visiting a crafted page that silently fires requests to endpoints like /api/setWlan, changing wireless settings or anything else the admin can do. No user interaction beyond visiting the malicious page is required.

Included because (prioritization factors): exploitation, exposure, prevalence, patch quality, and blast radius
Affected estate: Dbit N300 T1 Pro wireless router running firmware V1.0.0
How to check: Log into the router's web management page and verify the firmware version.
Action: Apply a firmware update if one exists. Otherwise, isolate the management interface from untrusted networks.
Urgency: Patch this week
Why it matters: A single malicious link can let an attacker reconfigure your wireless network and routing through an admin's session.
Source: NVD
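The router ships without either of the two standard CSRF defences, so as an added illustration (my own code, not the router's firmware and not from the advisory) here is what a state-changing admin endpoint such as /api/setWlan should verify before acting: the request's Origin or Referer must match the management UI's own origin, and a per-session synchronizer token must be present in a custom header that a cross-site form post cannot set. The management origin, the header names and the request/session shapes are assumptions made for the example.

```python
# Added example: CSRF gate for a JSON admin API. Not the router's code; the
# origin list, header names and the request/session shapes are constructed.
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed: the origin(s) the legitimate management UI is served from.
ALLOWED_ORIGINS = {"http://192.168.0.1", "https://192.168.0.1"}

# Methods that must never change device state, so they never carry a token.
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


class Session:
    """Admin session carrying a per-session synchronizer token."""

    def __init__(self):
        self.csrf_token = secrets.token_hex(32)


def origin_allowed(headers):
    """Origin validation: the request must come from the management UI itself.

    Browsers attach Origin to cross-site POSTs; fall back to Referer when
    Origin is absent, and refuse when neither header is present.
    """
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if not referer:
            return False
        parts = urlsplit(referer)
        origin = f"{parts.scheme}://{parts.netloc}"
    return origin in ALLOWED_ORIGINS


def token_valid(headers, session):
    """Synchronizer token: the UI echoes the session's token in a custom
    header, which a cross-site HTML form cannot add. Constant-time compare."""
    supplied = headers.get("X-CSRF-Token", "")
    return hmac.compare_digest(supplied.encode(), session.csrf_token.encode())


def accept_state_change(request, session):
    """Gate for endpoints like /api/setWlan: reject safe methods outright
    (state changes must be POSTs) and require BOTH defences to pass."""
    if request["method"] in SAFE_METHODS:
        return False
    headers = request["headers"]
    return origin_allowed(headers) and token_valid(headers, session)


def demo():
    """Constructed requests: one from the real UI, one from a forged page."""
    session = Session()
    legitimate = {
        "method": "POST",
        "headers": {"Origin": "http://192.168.0.1", "X-CSRF-Token": session.csrf_token},
    }
    forged = {  # cross-site page: wrong Origin and no way to learn the token
        "method": "POST",
        "headers": {"Origin": "http://cross-site.example", "Content-Type": "application/json"},
    }
    return accept_state_change(legitimate, session), accept_state_change(forged, session)


if __name__ == "__main__":
    print(demo())
```

Either check alone is a weaker gate: an origin check fails open if a deployment strips Origin and Referer, and a token alone is only as private as the page that embeds it, which is why the gate requires both.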

03 · CVE-2026-36340 · CVSS 8.1 (NVD) · HIGH · Patch within 24h
Tags: Krayin CRM, Linux, Windows

Krayin CRM v2.1.5 has a remote code execution bug in the compose email function. A remote attacker can run arbitrary code on your CRM server by exploiting this feature. The fix is in v2.1.6. Details are thin, but RCE in a CRM email function likely means a crafted email payload can break out of the application and hit the underlying OS.

Affected estate: Krayin CRM installations at version 2.1.5 or below
How to check: Check your Krayin CRM version in the admin dashboard or by running `composer show krayin/laravel-crm` in the project directory.
Action: Upgrade to Krayin CRM v2.1.6 using Composer or your deployment pipeline.
Urgency: Patch within 24 hours
Why it matters: An attacker with access to the email compose function can execute arbitrary code on the server hosting your CRM.
Source: NVD

04 · CVE-2026-7246 · CVSS 7.2 (NVD) · HIGH · Patch this week
Tags: Pallets Click, Python, Linux, Windows, MacOS

The Pallets Click library (versions 8.3.2 and below) has a command injection bug in the click.edit() function. An attacker with an unprivileged account on the system can pass OS commands through this function and get them executed. If any of your Python apps or internal tools use click.edit(), they're potentially a stepping stone to full system compromise.

Affected estate: Any Python application or tool using the Pallets Click library version 8.3.2 or below
How to check: Run `pip show click` or `pip list | grep click` in each relevant Python environment to check the installed version.
Action: Upgrade click to a patched version above 8.3.2 and test your applications.
Urgency: Patch this week
Why it matters: An unprivileged user can inject OS commands through click.edit(), potentially escalating to full system access.
Source: NVD
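The pip commands above tell you the version in one environment; the added script below (mine, not part of the digest or of the Click project) does the same check from inside the interpreter that actually runs your tooling and, because the advisory only matters where click.edit() is reachable, also walks a source tree for click.edit() call sites and lists the keyword arguments each call passes so the call can be reviewed. The cutoff (8.3.2 and below) is taken from the advisory; the sample module in `demo()` is constructed, and treating any version above 8.3.2 as patched is an assumption drawn from the digest's own wording.

```python
# Added example: report the installed click version and find click.edit()
# call sites in a source tree. Not from the digest or the Click project.
import ast
import importlib.metadata
import sys
from pathlib import Path

AFFECTED_MAX = (8, 3, 2)  # from the advisory: 8.3.2 and below are affected


def parse_version(v):
    """'8.3.2' or '8.3.2.post1' -> tuple of the leading integer components."""
    parts = []
    for piece in v.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            break
        parts.append(int(digits))
    return tuple(parts)


def is_affected(version_str):
    """True when the version is at or below the advisory's cutoff."""
    return parse_version(version_str) <= AFFECTED_MAX


def installed_click_version():
    """Version of click in *this* interpreter, or None if not installed."""
    try:
        return importlib.metadata.version("click")
    except importlib.metadata.PackageNotFoundError:
        return None


def find_edit_calls(source, filename="<string>"):
    """Return sorted (line, [keyword args]) for every click.edit(...) call,
    including calls through 'from click import edit [as alias]'."""
    tree = ast.parse(source, filename)
    aliases = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.ImportFrom) and node.module == "click":
            for alias in node.names:
                if alias.name == "edit":
                    aliases.add(alias.asname or alias.name)
    hits = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        f = node.func
        via_module = (isinstance(f, ast.Attribute) and f.attr == "edit"
                      and isinstance(f.value, ast.Name) and f.value.id == "click")
        via_import = isinstance(f, ast.Name) and f.id in aliases
        if via_module or via_import:
            hits.append((node.lineno, sorted(k.arg for k in node.keywords if k.arg)))
    return sorted(hits)


def scan_tree(root):
    """Map each .py file under root to its click.edit() call sites."""
    findings = {}
    for path in Path(root).rglob("*.py"):
        try:
            hits = find_edit_calls(path.read_text(encoding="utf-8"), str(path))
        except (SyntaxError, UnicodeDecodeError, OSError):
            continue
        if hits:
            findings[str(path)] = hits
    return findings


# Constructed sample module: two edit() calls (one via alias) and one unrelated call.
SAMPLE = (
    "import click\n"
    "from click import edit as e\n"
    "\n"
    "def f(path, text):\n"
    "    click.edit(filename=path)\n"
    "    e(text)\n"
    "    click.prompt('name')\n"
)


def demo():
    return find_edit_calls(SAMPLE)


if __name__ == "__main__":
    v = installed_click_version()
    state = "AFFECTED" if v and is_affected(v) else "ok"
    print(f"click {v or 'not installed'}: {state}")
    for path, hits in scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        for line, kwargs in hits:
            print(f"{path}:{line} click.edit(kwargs={kwargs})")
```

Run it once per virtualenv or container image, since `pip list` in your shell says nothing about the interpreter a service actually starts with.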

05 · CVE-2026-7567 · CVSS 9.8 (NVD) · CRITICAL · Patch now
Tags: WordPress, Temporary Login Plugin, Linux, Windows

This is a nasty one. The Temporary Login WordPress plugin (v1.0.0 and below) has an authentication bypass that lets an unauthenticated attacker log in as any temporary user with a single crafted GET request. The bug is a type-juggling issue: sending the login token as an array instead of a string tricks the code into returning any user with a temporary login token. No credentials needed, no brute force, just one HTTP request.

Affected estate: WordPress sites with the Temporary Login plugin version 1.0.0 or earlier installed
How to check: In the WordPress admin panel, go to Plugins and check the version of 'Temporary Login.' Alternatively, check wp-content/plugins/temporary-login/ for the plugin version in the main PHP file header.
Action: Update to a patched version if available. If not, deactivate and remove the plugin immediately and delete all temporary login user accounts.
Urgency: Patch immediately
Why it matters: A single unauthenticated request can give an attacker full access to any temporary login account on your WordPress site, with no credentials required.
Source: NVD
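The bug described above is a token check written for a string that misbehaves when the parameter arrives as an array. To show the input-type check that closes that class of bug, here is an added, language-neutral illustration in Python (the plugin itself is PHP, and this is not its code): a PHP-style query-string parser that turns `token[]=...` into a list exactly as `$_GET` would, followed by a lookup that accepts only a single string of the expected shape, compares it in constant time, and returns a user only when exactly one record matches. The token format and the user records are constructed for the example.

```python
# Added example: strict typing of a login token taken from a query string.
# Not the plugin's code; the token format and user records are constructed.
import hmac
import re
from urllib.parse import parse_qsl

# Assumed token shape for this illustration: 32 lowercase hex characters.
TOKEN_RE = re.compile(r"[0-9a-f]{32}")

# Constructed user table: temporary-login users carry a token, others None.
USERS = {
    "temp-editor": "0f" * 16,
    "temp-reviewer": "a3" * 16,
    "admin": None,
}


def php_style_params(query):
    """Emulate PHP's $_GET: 'token=x' yields a str, 'token[]=x' yields a list.

    This is the point where a request that the check was never written for
    changes the *type* of the value, not just its content.
    """
    params = {}
    for key, value in parse_qsl(query, keep_blank_values=True):
        if key.endswith("[]"):
            base = key[:-2]
            existing = params.get(base)
            params[base] = (existing if isinstance(existing, list) else []) + [value]
        else:
            params[key] = value
    return params


def validate_token(raw):
    """Accept a single string of the expected shape; reject lists, None,
    empty strings and anything of the wrong length or alphabet."""
    if not isinstance(raw, str) or not TOKEN_RE.fullmatch(raw):
        return None
    return raw


def user_for_token(params):
    """Resolve the 'token' parameter to a user name, or None.

    Requires exactly one match: a lookup that can return several users
    is treated as a failure rather than 'the first one wins'.
    """
    token = validate_token(params.get("token"))
    if token is None:
        return None
    matches = [
        name for name, stored in USERS.items()
        if stored is not None and hmac.compare_digest(stored, token)
    ]
    return matches[0] if len(matches) == 1 else None


def demo():
    """Constructed requests: a proper token, the same token as an array,
    and an empty token."""
    good = "token=" + "0f" * 16
    as_array = "token[]=" + "0f" * 16
    empty = "token="
    return tuple(user_for_token(php_style_params(q)) for q in (good, as_array, empty))


if __name__ == "__main__":
    print(demo())
```

The `isinstance` check is the part that matters: every later step (length, alphabet, comparison) assumes a string, and in loosely typed request handling that assumption has to be enforced explicitly rather than inherited.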
