Proactive Insights and Support For Open-Source Applications

Our news and updates

    21 May 2025 Communication and Collaboration
    Mattermost: Unauthorized Access via Improper Restriction in ExperimentalSettings

    In Mattermost versions 10.5.x ≤ 10.5.3 and 9.11.x ≤ 9.11.11, a low-severity vulnerability, CVE-2025-2570, was detected. Due to improper access control, a System Manager can access `ExperimentalSettings` via the System Console even when the `RestrictSystemAdmin` setting is true. To address this issue, users should upgrade Mattermost to versions above 10.5.3 or 9.11.11. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2570.

    Communication
    21 May 2025 Business and Enterprise Solutions
    WordPress: Reflected XSS via Unsanitized Parameter in AffiliateImporterEb Plugin

    In the AffiliateImporterEb plugin for WordPress, versions through 1.0.6, a high-severity vulnerability, CVE-2024-12733, was detected. This vulnerability allows attackers to perform Reflected Cross-Site Scripting (XSS) attacks, which could be exploited against high-privilege users such as administrators. There is currently no fixed version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12733.

    CMS
    21 May 2025 Business and Enterprise Solutions
    WordPress: Reflected XSS via Unsanitized Parameter in ClipArt Plugin

    In the ClipArt plugin for WordPress, versions through 0.2, a high-severity vulnerability, CVE-2024-12726, was detected. This vulnerability allows attackers to perform Reflected Cross-Site Scripting (XSS) attacks, which could be exploited against high-privilege users such as administrators. There is currently no fixed version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12726.

    CMS
    20 May 2025 DevOps
    LibreNMS: Stored XSS via Group Name Parameter in Poller Groups Form

    In LibreNMS versions up to and including 25.4.0 a low severity vulnerability CVE-2025-47931 was detected. This vulnerability allows attackers to inject malicious scripts via the group name parameter in the /poller/groups form, potentially executing those scripts when viewed by other users. To address this issue, users should upgrade LibreNMS to version 25.5.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-47931.

    Monitoring
    20 May 2025 Data Management and Analytics
    Pgpool-II: Authentication Bypass Enables Unauthorized Access

    In Pgpool-II versions 4.0 and 4.1 series, 4.2.0 to 4.2.21, 4.3.0 to 4.3.14, 4.4.0 to 4.4.11, 4.5.0 to 4.5.6 and 4.6.0 a critical severity vulnerability CVE-2025-46801 was detected. This vulnerability allows attackers to bypass authentication and log in as arbitrary users, enabling them to read, modify, or disable data in the connected database. To address this issue, users should upgrade Pgpool-II to versions 4.6.1, 4.5.7, 4.4.12, 4.3.15, 4.2.22 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-46801.

    Database
    20 May 2025 Business and Enterprise Solutions
    WordPress: Stored XSS via Countdown Block Options in Qi Blocks Plugin

    In the Qi Blocks WordPress plugin versions prior to 1.4 a medium severity vulnerability CVE-2025-1626 was detected. This vulnerability allows authenticated users with Contributor-level access and above to perform Stored Cross-Site Scripting (XSS) attacks due to insufficient validation and escaping of Countdown block options before rendering them in a page or post. To address this issue, users should upgrade the Qi Blocks WordPress plugin to version 1.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1626.

    CMS
    20 May 2025 Business and Enterprise Solutions
    WordPress: Privilege Escalation via Password Reset in Motors Theme

    In the Motors theme for WordPress versions up to and including 5.6.67 a critical severity vulnerability CVE-2025-4322 was detected. This vulnerability allows unauthenticated attackers to escalate privileges by taking over user accounts, including administrator accounts, through improper identity validation during password updates. To address this issue, users should upgrade the Motors theme to versions 5.6.68 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4322.

    CMS
    20 May 2025 Business and Enterprise Solutions
    WordPress: Stored XSS via Unsanitized Settings in Ninja Forms Plugin

    In the Ninja Forms WordPress plugin versions prior to 3.10.1 a low severity vulnerability CVE-2025-2524 was detected. This vulnerability allows high privilege users, such as administrators, to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (e.g., in a multisite setup), due to insufficient sanitization and escaping of plugin settings. To address this issue, users should upgrade the Ninja Forms WordPress plugin to version 3.10.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2524.

    CMS
    19 May 2025 Business and Enterprise Solutions
    WordPress: Sensitive Information Exposure via Insecure Uploads Directory in Wise Chat Plugin

    In the Wise Chat plugin for WordPress, versions up to and including 3.3.3, a high-severity vulnerability, CVE-2024-13613, was detected. This vulnerability allows unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads directory, potentially exposing file attachments from chat messages. To address this issue, users should upgrade the Wise Chat plugin to version 3.3.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13613.

    CMS