Fortra GoAnywhere CVSS 10 Flaw Exploited as 0-Day a Week Before Public Disclosure

Cybersecurity company watchTowr Labs has disclosed that it has "credible evidence" of active exploitation of the recently disclosed security flaw in Fortra GoAnywhere Managed File Transfer MFT software as early as September 10, 2025, a whole week before it was publicly disclosed. "This is not...

PT-2023-16592 · WordPress · Themeflection Numbers

Name of the Vulnerable Software and Affected Versions: Themeflection Numbers WordPress plugin versions prior to 2.0.1 Description: The issue is related to a lack of authorisation and CSRF check in an AJAX action, which does not ensure that the options to be updated belong to the plugin. This coul...