Application Security Detections Published in November 2025

Hitesh Kadu

In November, Qualys Web Application Scanning released QIDs targeting vulnerabilities in several widely used software products and frameworks, including:

jQuery, WordPress, Liferay Portal, SAP, GitLab, FreePBX, Authentik, Atlassian Confluence, Ivanti, Grafana, Progress MOVEit, Drupal, Hashicorp Vault, Control Web Panel (CWP), SuiteCRM, NVIDIA, Open WebUI, WSO2, Fortinet, Adobe Magento, Apache Tomcat, Apache OFBiz, NetScaler, ClipBucket, Oracle, Google, Fluent Bit, Apache Causeway, Rails and Better Auth

Details about the following QIDs can be found in our knowledge base. Review the scan reports for your applications for these detections and, where any are identified, follow the remediation steps in the knowledge base to ensure the affected applications are protected against the reported vulnerabilities. Resolving these vulnerabilities as soon as they are detected should be a priority for all organizations: left unaddressed, they can lead to breaches, unauthorized access, and other malicious activity.

QID      Title
151070   EOL/Obsolete Library: jQuery 1.X Library Detected
151071   EOL/Obsolete Library: jQuery 2.X Library Detected
154180   EOL/Obsolete Software: WordPress 0.7x Detected
154181   EOL/Obsolete Software: WordPress 1.x Detected
154182   EOL/Obsolete Software: WordPress 3.x Detected
154183   EOL/Obsolete Software: WordPress 4.x Detected
154184   EOL/Obsolete Software: WordPress 5.x Detected
154185   EOL/Obsolete Software: WordPress 6.x Detected
154186   EOL/Obsolete Software: WordPress 2.x Detected
520075   Liferay Portal Open Membership Default Vulnerability (CVE-2025-43797)
520076   Liferay Portal Cross-Site Scripting (XSS) Vulnerability (CVE-2025-43800)
520077   Liferay Portal Cross-Site Scripting (XSS) Vulnerability (CVE-2025-43815)
520078   Liferay Portal Cross-Site Scripting (XSS) Vulnerability (CVE-2025-43818)
520080   Liferay Portal Multiple Stored Cross-Site Scripting (XSS) Vulnerabilities (CVE-2025-43811)
520081   Liferay Portal Multiple Vulnerabilities (CVE-2025-43813)
530564   SAP S/4HANA Code Injection Vulnerability (CVE-2025-42957)
530574   WordPress Bei Fen Plugin: Local File Inclusion Vulnerability (CVE-2025-9993)
530600   HTTP/1.0 Protocol Downgrade Accepted
530607   WordPress AffiliateWP Plugin: SQL Injection Vulnerability (CVE-2025-8877)
530608   WordPress Spirit Framework Talemy Theme: Authentication Bypass Vulnerability (CVE-2025-6388)
530609   WordPress Pack Elementor Addon Plugin: Stored Cross-Site Scripting Vulnerability (CVE-2025-8214)
530610   GitLab CE/EE Information Disclosure Vulnerability (CVE-2025-9958)
530611   GitLab CE/EE Denial of Service Vulnerability (CVE-2025-10867)
530612   GitLab CE/EE Denial of Service Vulnerability (CVE-2025-10868)
530613   WordPress Cost Calculator Builder Plugin: Missing Authorization Vulnerability (CVE-2025-9243)
530614   WordPress StoreEngine Plugin: Path Traversal Vulnerability (CVE-2025-9215)
530615   WordPress LockerPress Plugin: Cross-Site Request Forgery Vulnerability (CVE-2025-9946)
530616   WordPress WP Database Backup Plugin: OS Command Injection Vulnerability (CVE-2019-25224)
530617   WordPress Big Post Shipping for WooCommerce Plugin: Stored Cross-Site Scripting Vulnerability (CVE-2025-10191)
530618   WordPress Core: Information Disclosure Vulnerability (CVE-2025-54352)
530619   FreePBX Remote Code Execution Vulnerability (CVE-2025-57819)
530620   Authentik Session Fixation Vulnerability (CVE-2025-29928)
530621   Atlassian Confluence Data Center and Server Denial of Service Vulnerability (CVE-2025-22166)
530622   Ivanti Endpoint Manager Mobile (EPMM) OS Command Injection Vulnerabilities (CVE-2025-10242, CVE-2025-10243, CVE-2025-10985)
530623   Ivanti Endpoint Manager Mobile (EPMM) Path Traversal Vulnerability (CVE-2025-10986)
530624   Grafana Improper Input Validation Vulnerability (CVE-2025-1088)
530625   Authentik Improper Privilege Management Vulnerability (CVE-2025-53942)
530626   Authentik Improper Access Control Vulnerability (CVE-2024-38371)
530627   Authentik OAuth2 Provider Improper Redirect URI Validation (CVE-2024-52289)
530628   WordPress Core: Stored Cross-Site Scripting Vulnerability (CVE-2024-31111)
530629   Progress MOVEit Transfer Uncontrolled Resource Consumption Vulnerability (CVE-2025-10932)
530630   Drupal Acquia DAM: Access Bypass Vulnerability (CVE-2025-9954)
530631   Hashicorp Vault Denial of Service Vulnerability (CVE-2025-12044)
530632   Drupal CivicTheme: Information Disclosure Vulnerability (CVE-2025-12082)
530633   WordPress AI Engine Plugin: Sensitive Information Exposure Vulnerability (CVE-2025-11749)
530634   Hashicorp Vault Authentication Bypass Vulnerability (CVE-2025-11621)
530635   Control Web Panel (CWP) Remote Code Execution (RCE) Vulnerability (CVE-2025-48703)
530636   WordPress Gravity Forms Plugin: Arbitrary File Upload Vulnerability (CVE-2025-12352)
530637   WordPress Better Find and Replace Plugin: Limited Code Injection Vulnerability (CVE-2025-9334)
530638   WordPress Smart Auto Upload Images Plugin: Arbitrary File Upload Vulnerability (CVE-2025-12161)
530639   SuiteCRM SQL Injection Vulnerability (CVE-2025-64492)
530642   Ivanti Endpoint Manager (EPM) Arbitrary File Write Vulnerability (CVE-2025-10918)
530643   SuiteCRM SQL Injection Vulnerability (CVE-2025-64488)
530644   Ivanti Endpoint Manager (EPM) Remote Code Execution (RCE) Vulnerability (CVE-2025-9713)
530645   Ivanti Endpoint Manager (EPM) Insecure Deserialization Vulnerability (CVE-2025-11622)
530646   SuiteCRM Privilege Escalation Vulnerability (CVE-2025-64489)
530647   NVIDIA Triton Inference Server Stack Overflow Vulnerability (CVE-2025-33202)
530648   SuiteCRM Access Control Bypass Vulnerability (CVE-2025-64490)
530649   SuiteCRM SQL Injection Vulnerability (CVE-2025-64493)
530650   SuiteCRM Cross-Site Scripting Vulnerability (CVE-2025-64491)
530653   Open WebUI Cross-Site Scripting Vulnerability (CVE-2025-64495)
530654   WSO2 API Manager Improper Privilege Management Vulnerability (CVE-2025-9152)
530655   Fortinet FortiWeb Authentication Bypass Vulnerability (CVE-2025-64446)
530656   WordPress Holiday Class Post Calendar Plugin: Remote Code Execution Vulnerability (CVE-2025-12813)
530657   WordPress TNC Toolbox Plugin: Sensitive Information Exposure Vulnerability (CVE-2025-12539)
530659   Adobe Magento OS Command Injection Vulnerabilities (CVE-2024-39401, CVE-2024-39402)
530660   WordPress Selling Commander for WooCommerce Plugin: Privilege Escalation Vulnerability (CVE-2025-60243)
530661   WordPress WP User Manager Plugin: PHP Object Injection Vulnerability (CVE-2025-60245)
530662   Adobe Magento Improper Restriction of Excessive Authentication Attempts Vulnerability (CVE-2024-39398)
530663   WordPress Community Events Plugin: SQL Injection Vulnerability (CVE-2025-10586)
530664   Adobe Magento Path Traversal Vulnerability (CVE-2024-39399)
530665   Adobe Magento Cross-Site Scripting Vulnerabilities (CVE-2024-39400, CVE-2024-39403)
530666   Adobe Magento Path Traversal Vulnerability (CVE-2024-39406)
530667   Adobe Magento Improper Authorization Vulnerabilities
530669   WordPress Ovatheme Events Manager Plugin: Arbitrary File Upload Vulnerability (CVE-2025-6553)
530670   WordPress WP Freeio Plugin: Privilege Escalation Vulnerability (CVE-2025-11533)
530671   WordPress W3 Total Cache Plugin: Command Injection Vulnerability (CVE-2025-9501)
530672   Apache Tomcat Default Credentials
530673   Apache OFBiz Unrestricted File Upload Vulnerability (CVE-2025-59118)
530674   Apache OFBiz Cross-Site Scripting Vulnerability (CVE-2025-61623)
530675   Grafana Incorrect Privilege Assignment Vulnerability (CVE-2025-41115)
530676   NetScaler Application Delivery Controller (ADC) and NetScaler Gateway Cross-Site Scripting (XSS) Vulnerability (CVE-2025-12101)
530677   WordPress IDonate Plugin: Account Takeover Vulnerability (CVE-2025-4519)
530678   WordPress LC Wizard Plugin: Privilege Escalation Vulnerability (CVE-2025-5483)
530680   ClipBucket V5 Cross-Site Scripting Vulnerabilities (CVE-2025-64336, CVE-2025-64339)
530683   WordPress Blocksy Companion Plugin: Arbitrary File Upload Vulnerability (CVE-2025-12846)
530684   WordPress Tatsu Plugin: Remote Code Execution (RCE) Vulnerability (CVE-2021-25094)
530685   Oracle Identity Manager Authentication Bypass Vulnerability (CVE-2025-61757)
530686   Google Tracking Detected
530687   Fluent Bit Stack Buffer Overflow Vulnerability (CVE-2025-12970)
530688   Fluent Bit Improper Input Validation Vulnerability (CVE-2025-12977)
530689   Apache Causeway Insecure Java Deserialization Vulnerability (CVE-2025-64408)
530690   Default Home Page for Rails Web Server Found
530691   Fluent Bit Path Traversal Vulnerability (CVE-2025-12972)
530692   Fluent Bit Log Tag Spoofing Vulnerability (CVE-2025-12978)
530693   Fluent Bit Authentication Bypass Vulnerability (CVE-2025-12969)
530694   GitLab EE Incorrect Authorization Vulnerability (CVE-2025-11865)
530695   GitLab CE/EE Cross-Site Scripting Vulnerability (CVE-2025-11224)
530696   GitLab CE/EE Information Disclosure Vulnerability (CVE-2025-7000)
580801   IDOR via POST Request Body
580885   BFLA: Vertical Privilege Escalation via URL Subpath Replacement
580886   API Keys Exposed in Public JavaScript Config Files
580887   Sitecore Version Disclosure
580888   SSH Private Key (id_rsa) Exposed
580889   SSH known_hosts File Exposure
580890   Unauthenticated API Key Creation
580891   Better Auth Account Takeover via Unauthenticated API Key Creation (CVE-2025-61928)
580892   NoSQL Injection
580893   Timestamp Disclosure (Unix)
580894   Drupal JSON API Username Listing Endpoint Exposure
580895   FTP Credentials Exposure

What’s Next

Leverage the QID list to guide your remediation efforts and strengthen your risk posture.

Looking for more context or remediation tips? Head to Qualys KnowledgeBase for detailed analysis, actionable guidance, and expert-backed support.
