Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Schiocco

Source -

CNA

BOS Name -

N/A

CNA CVEs -

4

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated ProductsRelated AssignersReports
4Vulnerabilities found
CVE-2025-54027
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.04% / 8.91%
||
7 Day CHG~0.00%
Published-20 Aug, 2025 | 08:03
Updated-20 Aug, 2025 | 16:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Support Board <= 3.8.0 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Schiocco Support Board allows Reflected XSS. This issue affects Support Board: from n/a through 3.8.0.

Action-Not Available
Vendor-Schiocco
Product-Support Board
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-54031
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.15% / 36.31%
||
7 Day CHG+0.04%
Published-20 Aug, 2025 | 08:02
Updated-20 Aug, 2025 | 14:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Support Board <= 3.8.0 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Schiocco Support Board allows PHP Local File Inclusion. This issue affects Support Board: from n/a through 3.8.0.

Action-Not Available
Vendor-Schiocco
Product-Support Board
CWE ID-CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')
CVE-2025-4855
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-0.14% / 35.35%
||
7 Day CHG~0.00%
Published-08 Jul, 2025 | 23:22
Updated-14 Jul, 2025 | 15:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Support Board <= 3.8.0 - Unauthenticated Authorization Bypass due to Use of Default Secret Key

The Support Board plugin for WordPress is vulnerable to unauthorized access/modification/deletion of data due to use of hardcoded default secrets in the sb_encryption() function in all versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to bypass authorization and execute arbitrary AJAX actions defined in the sb_ajax_execute() function. An attacker can use this vulnerability to exploit CVE-2025-4828 and various other functions unauthenticated.

Action-Not Available
Vendor-schioccoSchiocco
Product-support_boardSupport Board
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2025-4828
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-9.8||CRITICAL
EPSS-1.54% / 80.67%
||
7 Day CHG+0.40%
Published-08 Jul, 2025 | 23:22
Updated-14 Jul, 2025 | 15:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Support Board <= 3.8.0 - Unauthenticated Arbitrary File Deletion

The Support Board plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the sb_file_delete function in all versions up to, and including, 3.8.0. This makes it possible for attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). An attacker can leverage CVE-2025-4855 vulnerability to exploit this vulnerability unauthenticated.

Action-Not Available
Vendor-schioccoSchiocco
Product-support_boardSupport Board
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')