Proactive Insights and Support For Open-Source Applications
CMS

    8 May 2025 Business and Enterprise Solutions
    WordPress: Authentication Bypass via Apple OAuth in BuddyBoss Platform Pro Plugin

    A critical-severity vulnerability, CVE-2025-1909, was detected in the BuddyBoss Platform Pro plugin for WordPress, versions up to and including 2.7.01. Due to insufficient verification during the Apple OAuth authentication process, unauthenticated attackers can bypass authentication and log in as any existing user, including administrators, if they have access to the user’s email address. To address this issue, users should upgrade the BuddyBoss Platform Pro plugin to version 2.7.10 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1909.

    8 May 2025 Business and Enterprise Solutions
    WordPress: Unauthorized Nonce Access in Login Lockdown & Protection Plugin Enables IP Allowlisting

    A medium-severity vulnerability, CVE-2025-3766, was detected in the Login Lockdown & Protection plugin for WordPress, versions up to and including 2.11. Authenticated users with Subscriber-level access or higher can obtain a valid nonce via the ajax_run_tool function, which enables them to generate a global unlock key and add IPs to the allowlist. The issue is exploitable only on new installs where the loginlockdown page has not been visited by an admin. To address this issue, users should upgrade the Login Lockdown & Protection plugin to version 2.12 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3766.

    8 May 2025 Business and Enterprise Solutions
    WordPress: Privilege Escalation via Missing Capability Check in Frontend Dashboard Plugin

    A critical-severity vulnerability, CVE-2025-4104, was detected in the Frontend Dashboard plugin for WordPress, versions 1.0 to 2.2.6. Due to a missing capability check in the fed_wp_ajax_fed_login_form_post() function, unauthenticated attackers can reset the administrator’s email and password and escalate privileges to administrator. To address this issue, users should upgrade the Frontend Dashboard plugin to version 2.2.7 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4104.

    8 May 2025 Business and Enterprise Solutions
    WordPress: Stored XSS via ‘Price Range’ Parameter in WP SEO Structured Data Schema Plugin

    A medium-severity vulnerability, CVE-2025-4127, was detected in the WP SEO Structured Data Schema plugin for WordPress, versions up to and including 2.7.11. Due to insufficient input sanitization and output escaping, authenticated attackers with Contributor-level access and above can inject arbitrary web scripts via the ‘Price Range’ parameter; the scripts execute when an administrator accesses the plugin settings page. To address this issue, users should upgrade the WP SEO Structured Data Schema plugin to version 2.8.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4127.

    7 May 2025 Business and Enterprise Solutions
    Liferay: Reflected XSS in Marketplace App Manager Web Module

    A medium-severity vulnerability, CVE-2025-4388, was detected in Liferay Portal versions 7.4.0 through 7.4.3.131 and Liferay DXP versions 2024.Q4.0 through 2024.Q4.5, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, and 7.4 GA through update 92. It is a reflected cross-site scripting flaw in the modules/apps/marketplace/marketplace-app-manager-web module that allows remote unauthenticated attackers to inject JavaScript. To address this issue, users should upgrade Liferay Portal to version 7.4.3.132 and Liferay DXP to version 2024.Q1.13 or 2024.Q4.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4388.

    7 May 2025 Business and Enterprise Solutions
    Umbraco: User Enumeration via Timing Analysis in Post-Login API Responses

    A medium-severity vulnerability, CVE-2025-46736, was detected in Umbraco versions prior to 10.8.10 and 13.8.1. Attackers can determine whether an account exists by analyzing the timing of post-login API responses. To address this issue, users should upgrade Umbraco to version 10.8.10 or 13.8.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-46736.

    6 May 2025 Business and Enterprise Solutions
    WordPress: Arbitrary Shortcode Execution in LayoutBoxx Plugin

    A high-severity vulnerability, CVE-2025-2802, was detected in the LayoutBoxx plugin for WordPress, versions up to and including 0.3.1. Due to insufficient validation before calling do_shortcode, unauthenticated attackers can execute arbitrary shortcodes. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2802.

    6 May 2025 Business and Enterprise Solutions
    WordPress: Stored XSS via ‘id’ Parameter in Cision Block Plugin

    A medium-severity vulnerability, CVE-2025-3782, was detected in the Cision Block plugin for WordPress, versions up to and including 4.3.0. Due to insufficient input sanitization and output escaping, authenticated attackers with Contributor-level access and above can inject arbitrary web scripts via the ‘id’ parameter; the scripts execute whenever a user accesses an injected page. To address this issue, users should upgrade the Cision Block plugin to version 4.4.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3782.

    6 May 2025 Business and Enterprise Solutions
    WordPress: Cross-Site Request Forgery via Missing Nonce Validation in AHAthat Plugin

    A medium-severity vulnerability, CVE-2025-4337, was detected in the AHAthat plugin for WordPress, versions up to and including 1.6. Because nonce validation in the aha_plugin_page() function is missing or incorrect, unauthenticated attackers can delete AHA pages via a forged request, provided they can trick a site administrator into performing an action such as clicking a malicious link. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4337.
