Proactive Insights and Support For Open-Source Applications
  • Applications
  • Platform
  • Support
  • Resources
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
Get Started
Book a demo
  • Applications
  • Platform
  • Support
  • Resources
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
  • Home
  • Knowledge Base
  • Newsflash
  • Business and Enterprise Solutions

Business and Enterprise Solutions

All OSSpediaArticlesHow ToNewsflashCase Studies
Don't Miss out!
Join our newsletter for exclusive updates on open source innovations.

    Selected category
    • Communication
      • Communication
    • Communication and Collaboration
      • Communication
    • Specialized Software
      • Educational
      • Graphic Design
    • Business and Enterprise Solutions
      • Productivity
      • Supply Chain Management (SCM)
      • CRM
      • E-commerce
      • CMS
      • Marketing Automation
      • ERP
    • Project and Agile Management
      • Project Management
      • IT Business Management
    • Infrastructure and Network
      • Networking
      • Storage
      • Security
    • DevOps
      • Mobile App Development
      • Backup and Recovery
      • Data Analytics
      • Web Development
      • Developer Stacks
      • Cloud Computing
      • Monitoring
      • Application Development
      • Developer Tools
    • Data Management and Analytics
      • Communication
      • Application Development
      • Analytics
      • Machine Learning
      • Database
      • Data Analytics
    28 May 2025 Business and Enterprise Solutions
    WordPress: Stored XSS via SVG Upload in WP Extended Plugin

    In WP Extended plugin for WordPress versions up to and including 3.0.15 a medium severity vulnerability CVE-2025-4963 was detected. This vulnerability allows authenticated attackers with Author-level access or higher to upload malicious SVG files containing scripts, resulting in Stored Cross-Site Scripting (XSS) that executes whenever a user accesses the SVG file. To address this issue, users should upgrade WP Extended plugin to version 3.0.16 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4963.

    Read more
    CMS
    28 May 2025 Business and Enterprise Solutions
    WordPress: SQL Injection via Unescaped Parameter in Likes and Dislikes Plugin

    In Likes and Dislikes plugin for WordPress versions up to and including 1.0.0 a high severity vulnerability CVE-2025-5287 was detected. This vulnerability allows unauthenticated attackers to perform SQL Injection via the ‘post’ parameter, potentially enabling them to extract sensitive information from the database. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-5287.

    Read more
    CMS
    28 May 2025 Business and Enterprise Solutions
    WordPress: Reflected XSS via attachment_id Parameter in WP Attachments Plugin

    In WP Attachments plugin for WordPress versions up to and including 5.0.12 a medium severity vulnerability CVE-2025-5082 was detected. This vulnerability allows unauthenticated attackers to perform Reflected Cross-Site Scripting (XSS) via the `attachment_id` parameter, enabling script injection if a user is tricked into clicking a malicious link. To address this issue, users should upgrade WP Attachments plugin to versions 5.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-5082.

    Read more
    CMS
    28 May 2025 Business and Enterprise Solutions
    WordPress: Arbitrary File Upload in MasterStudy LMS Pro Plugin

    In MasterStudy LMS Pro plugin versions up to and including 4.7.0 a high severity vulnerability CVE-2025-4800 allows authenticated users with Subscriber-level access or higher to upload arbitrary files due to missing file type validation in the `stm_lms_add_assignment_attachment` function. This could potentially lead to remote code execution on the server. To address this issue, users should upgrade MasterStudy LMS Pro plugin to versions 4.7.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4800.

    Read more
    CMS
    27 May 2025 Business and Enterprise Solutions
    WordPress: DOM-Based Stored XSS via Data Attributes in TablePress Plugin

    In TablePress plugin for WordPress versions up to and including 3.1.2 a medium severity vulnerability CVE-2025-5096 was detected. This DOM-based stored XSS vulnerability allows authenticated attackers with Contributor-level access or higher to inject arbitrary web scripts via the data-caption, data-s-content-padding, data-s-title and data-footerattributes. To address this issue, users should upgrade TablePress plugin to versions 3.1.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-5096.

    Read more
    CMS
    27 May 2025 Business and Enterprise Solutions
    WordPress: CSRF Leading to Settings Manipulation and XSS in 4stats Plugin

    In 4stats plugin for WordPress versions up to and including 2.0.9 a medium severity vulnerability CVE-2025-3869 was detected. This Cross-Site Request Forgery (CSRF) vulnerability, caused by missing or incorrect nonce validation on the stats/stats.php page, allows unauthenticated attackers to update settings and inject malicious web scripts via a forged request if they can trick a site administrator into performing an action such as clicking a link. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3869.

    Read more
    CMS
    27 May 2025 Business and Enterprise Solutions
    WordPress: Stored XSS via Countdown Timer Widget in Exclusive Addons for Elementor Plugin

    In Exclusive Addons for Elementor plugin for WordPress versions up to and including 2.7.9.1 a medium severity vulnerability CVE-2025-4783 was detected. This vulnerability allows authenticated attackers with Contributor-level access or higher to inject arbitrary web scripts via the Countdown Timer Widget’s HTML attributes, which execute when a user accesses an affected page. To address this issue, users should upgrade Exclusive Addons for Elementor plugin to versions 2.7.9.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4783.

    Read more
    CMS
    22 May 2025 Business and Enterprise Solutions
    WordPress: Reflected XSS via Unsanitized Parameter in ClipArt Plugin

    In ClipArt plugin for WordPress versions through 0.2 a high severity vulnerability CVE-2024-12726 was detected. This vulnerability allows attackers to perform Reflected Cross-Site Scripting (XSS) attacks, which could be exploited against high privilege users such as administrators. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12726.

    Read more
    CMS
    22 May 2025 Business and Enterprise Solutions
    WordPress: Path Traversal Allows Arbitrary Image Access in Hot Random Image Plugin

    In Hot Random Image plugin for WordPress versions up to and including 1.9.2 a medium severity vulnerability CVE-2025-4419 was detected. This vulnerability allows authenticated attackers with Contributor-level access and above to exploit a path traversal flaw via the ‘path’ parameter to access arbitrary images with allowed extensions outside the intended directory. To address this issue, users should upgrade Hot Random Image plugin to versions 1.9.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4419.

    Read more
    CMS
    Proactive Insights and Support For Open-Source Applications
    Contact us: Whatsapp
    Company
    • About Hossted
    • Data Processing Addendum
    Solutions
    • Applications
    • Support Plans
    • About Solution
    Resources
    • FAQ
    • Knowledge Base
    © HOSSTED 2025 All rights reserved
    • Privacy Policy
    • Terms and Conditions
    • Cookies Policy