In FormCraft plugin for WordPress versions 3.9.11 and prior a high severity vulnerability CVE-2025-0817 was detected. This vulnerability allows attackers to inject arbitrary web scripts via SVG file uploads, due to insufficient input sanitization and output escaping. To address this issue, users should upgrade FormCraft plugin to version 3.9.12 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0817.
Read more CMS Business and Enterprise SolutionsIn ElementsKit Elementor addons plugin for WordPress versions 3.4.0 and prior a medium severity vulnerability CVE-2025-0968 was detected. This vulnerability allows unauthenticated attackers to view sensitive information, such as posts, pages, templates, drafts, trashed, and private items, due to missing capability checks on the get_megamenu_content() function. To address this issue, users should upgrade ElementsKit Elementor addons plugin to version 3.4.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0968.
Read more CMS Business and Enterprise SolutionsIn Bit Assist plugin for WordPress versions 1.5.2 and prior a medium severity vulnerability CVE-2025-0822 was detected. This vulnerability allows authenticated attackers with Subscriber-level access and above to read arbitrary files on the server, potentially exposing sensitive information. To address this issue, users should upgrade Bit Assist plugin to version 1.5.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0822.
Read more CMS Newsflash Business and Enterprise SolutionsIn MemorialDay plugin for WordPress versions 1.0.4 and prior a medium severity vulnerability CVE-2024-13523 was detected. This vulnerability allows unauthenticated attackers to update settings and inject malicious scripts via a forged request if they can trick an administrator into clicking a link. To address this issue, users should upgrade MemorialDay plugin to version 1.1.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13523.
Read more CMS Newsflash Business and Enterprise SolutionsIn Threepress plugin for WordPress versions 1.7.1 and prior a medium severity vulnerability CVE-2024-13395 was detected. This vulnerability allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts via the ‘threepress’ shortcode, which execute whenever a user accesses an injected page. To address this issue, users should upgrade Threepress plugin to version 1.7.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13395.
Read more CMS Newsflash Business and Enterprise SolutionsIn FormCraft plugin for WordPress versions 3.9.11 and prior a medium severity vulnerability CVE-2024-13783 was detected. This vulnerability allows authenticated attackers with Subscriber-level access and above to export all plugin data, potentially exposing sensitive form submissions. To address this issue, users should upgrade FormCraft plugin to version 3.9.12. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13783.
Read more CMS Newsflash Business and Enterprise SolutionsIn Post SMTP plugin for WordPress versions 3.0.2 and prior a high severity vulnerability CVE-2025-0521 was detected. This vulnerability allows unauthenticated attackers to inject arbitrary web scripts via the ‘from’ and ‘subject’ parameters, which execute whenever a user accesses an injected page. To address this issue, users should upgrade Post SMTP plugin to version 3.1.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0521.
Read more CMS Newsflash Business and Enterprise SolutionsIn WP Foodbakery plugin for WordPress versions 3.3 and prior a critical severity vulnerability CVE-2025-0180 was detected. This vulnerability allows attackers to gain administrator access to a WordPress site by exploiting a flaw in the WP Foodbakery plugin, enabling them to register as an admin without authentication. This vulnerability remains unresolved at this time. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2025-0180.
Read more CMS Newsflash Business and Enterprise SolutionsIn Sensei LMS WordPress plugin versions 4.24.3 and prior a medium severity vulnerability CVE-2025-0466 was detected. This vulnerability allows attackers to leak `sensei_email` and `sensei_message` information due to improper protection of some REST API routes. To address this issue, users should upgrade Sensei LMS plugin to version 4.24.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0466.
Read more CMS Business and Enterprise Solutions