Proactive Insights and Support For Open-Source Applications
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
Get Started
Book a demo
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
  • Home
  • Knowledge Base
  • Newsflash
  • Business and Enterprise Solutions
  • CMS

CMS

All OSSpediaArticlesHow ToNewsflashCase Studies
Don't Miss out!
Join our newsletter for exclusive updates on open source innovations.

    Selected category
    • Communication
      • Communication
    • Communication and Collaboration
      • Communication
    • Specialized Software
      • Educational
      • Graphic Design
    • Business and Enterprise Solutions
      • Productivity
      • Supply Chain Management (SCM)
      • CRM
      • E-commerce
      • CMS
      • Marketing Automation
      • ERP
    • Project and Agile Management
      • Project Management
      • IT Business Management
    • Infrastructure and Network
      • Networking
      • Storage
      • Security
    • DevOps
      • DevOps
      • Mobile App Development
      • Backup and Recovery
      • Data Analytics
      • Web Development
      • Developer Stacks
      • Cloud Computing
      • Monitoring
      • Application Development
      • Developer Tools
    • Data Management and Analytics
      • Communication
      • Application Development
      • Analytics
      • Machine Learning
      • Database
      • Data Analytics
    26 Jun 2025 Business and Enterprise Solutions
    Umbraco: Password Policy Exposure via Anonymous Endpoint

    In Umbraco versions 10.0.0 through 10.8.10 and 13.0.0 through 13.9.1 a medium severity vulnerability CVE-2025-49147 was detected. This vulnerability allows unauthenticated attackers to access limited information about the configured password requirements via an anonymous endpoint, which could aid brute-force attacks. To address this issue, users should upgrade Umbraco to versions 10.8.11 or 13.9.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-49147.

    Read more
    CMS
    20 Jun 2025 Business and Enterprise Solutions
    WordPress: Stored XSS via Currency Shortcode in Euro FxRef Currency Converter Plugin

    In Euro FxRef Currency Converter plugin for WordPress versions up to and including 2.0.2 a medium severity vulnerability CVE-2025-6257 was detected. This vulnerability allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts via the plugin’s currency shortcode due to insufficient input sanitization and output escaping. These scripts execute whenever a user accesses an injected page. To address this issue, users should upgrade Euro FxRef Currency Converter plugin to versions 2.0.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6257.

    Read more
    CMS
    20 Jun 2025 Business and Enterprise Solutions
    WordPress: Unauthorized Data Modification via Misconfigured Capability Checks in Opinion Stage Plugin

    In Poll, Survey & Quiz Maker Plugin by Opinion Stage for WordPress versions up to and including 19.9.0 a medium severity vulnerability CVE-2025-3880 was detected. This vulnerability allows authenticated users with Contributor access and above to change plugin settings, including the account email or connection status, due to insufficient permission checks. To address this issue, users should upgrade Poll, Survey & Quiz Maker Plugin to versions 19.10.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3880.

    Read more
    CMS
    20 Jun 2025 Business and Enterprise Solutions
    WordPress: Arbitrary File Upload in Pixabay Images Plugin

    In the Pixabay Images plugin for WordPress versions up to and including 3.4 a high severity vulnerability CVE-2025-4413 was detected. This vulnerability allows authenticated attackers with Author-level access and above to upload arbitrary files to the affected site’s server due to missing file type validation, which may lead to remote code execution. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4413.

    Read more
    CMS
    20 Jun 2025 Business and Enterprise Solutions
    WordPress: Arbitrary File Upload in Ultra Addons for Contact Form 7 Plugin

    In the Ultra Addons for Contact Form 7 plugin for WordPress versions up to and including 3.5.12 a high severity vulnerability CVE-2025-6220 was detected. This vulnerability allows authenticated attackers with Administrator-level access and above to upload arbitrary files to the affected site’s server due to missing file type validation in the save_options function, potentially leading to remote code execution. To address this issue, users should upgrade the Ultra Addons for Contact Form 7 plugin to versions 3.5.13 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6220.

    Read more
    CMS
    19 Jun 2025 Business and Enterprise Solutions
    WordPress: Stored XSS via elementId Parameter in Gutenverse News Plugin

    In Gutenverse News plugin for WordPress versions up to and including 1.0.4 a medium severity vulnerability CVE-2025-5234 was detected. This vulnerability allows authenticated attackers with Contributor-level access and above to perform Stored Cross-Site Scripting (XSS) attacks via the ‘elementId’ parameter due to insufficient input sanitization and output escaping. To address this issue, users should upgrade Gutenverse News plugin to versions 2.0.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-5234.

    Read more
    CMS
    19 Jun 2025 Business and Enterprise Solutions
    WordPress: Unauthorized Access and Data Modification in AI Engine Plugin

    In AI Engine plugin for WordPress versions 2.8.0 through 2.8.3 a high severity vulnerability CVE-2025-5071 was detected. This vulnerability allows authenticated attackers with Subscriber-level access and above to gain unauthorized access to the MCP, enabling them to execute various commands such as `wp_create_user`, `wp_update_user`, `wp_update_option`, `wp_update_post`, and others. These actions can lead to privilege escalation and data loss. To address this issue, users should upgrade AI Engine plugin to versions 2.8.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-5071.

    Read more
    CMS
    19 Jun 2025 Business and Enterprise Solutions
    WordPress: Stored XSS via Grid Builder in WPBakery Page Builder Plugin

    In WPBakery Page Builder plugin for WordPress versions up to and including 8.4.1 a medium severity vulnerability CVE-2025-4965 was detected. This vulnerability allows authenticated attackers with Author-level access and above to perform Stored Cross-Site Scripting (XSS) attacks via the Grid Builder feature due to insufficient input sanitization and output escaping on user-supplied attributes. To address this issue, users should upgrade WPBakery Page Builder plugin to versions 8.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4965.

    Read more
    CMS
    19 Jun 2025 Business and Enterprise Solutions
    WordPress: Stored XSS via Admin Settings in Football Pool Plugin

    In Football Pool plugin for WordPress versions up to and including 2.12.4 a medium severity vulnerability CVE-2025-5490 was detected. This vulnerability allows authenticated attackers with Administrator-level access and above to inject arbitrary web scripts into admin settings, leading to Stored Cross-Site Scripting (XSS) attacks in multi-site installations or setups where the unfiltered_html capability is disabled. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-5490.

    Read more
    CMS
    Proactive Insights and Support For Open-Source Applications
    Contact us: Whatsapp
    Company
    • About Hossted
    • Data Processing Addendum
    Solutions
    • Applications
    • Support Plans
    • About Solution
    Resources
    • FAQ
    • Knowledge Base
    © HOSSTED 2025 All rights reserved
    • Privacy Policy
    • Terms and Conditions
    • Cookies Policy