Business and Enterprise Solutions

In Jupiter X Core plugin for WordPress versions 4.8.7 and prior a medium severity vulnerability CVE-2025-0365 was detected. This vulnerability allows attackers with Contributor-level access and above to read the contents of arbitrary files on the server via the inline SVG feature, potentially exposing sensitive information. To address this issue, users should upgrade Jupiter X Core plugin to version 4.8.8 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0365.

In WP Finance plugin for WordPress versions 1.3.6 and prior a high severity vulnerability CVE-2024-13097 was detected. This vulnerability allows attackers to execute malicious scripts via a Reflected Cross-Site Scripting (XSS) attack, potentially targeting high-privilege users such as admins. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13097.

In MagicForm plugin for WordPress versions 1.6.2 and prior a medium severity vulnerability CVE-2025-0939 was detected. This vulnerability allows authenticated attackers, with Subscriber-level access and above, to delete or view logs, modify forms, or change plugin settings due to missing capability checks on AJAX actions. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0939.

In The AI Infographic Maker plugin for WordPress versions 4.9.0 and prior a medium severity vulnerability CVE-2024-12415 was detected. This vulnerability allows unauthenticated attackers to execute arbitrary shortcodes due to improper validation of values before running do_shortcode. To address this issue, users should upgrade The AI Infographic Maker plugin to version 5.0.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12415.

In WP DataTable plugin for WordPress versions 0.2.6 and prior a medium severity vulnerability CVE-2024-13566 was detected. This vulnerability allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts via the ‘id’ parameter, leading to Stored Cross-Site Scripting. To address this issue, users should upgrade WP DataTable plugin to version 0.2.7 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13566.

In WP Image Uploader plugin for WordPress versions 1.0.1 and prior a high severity vulnerability CVE-2024-13720 was detected. This vulnerability allows unauthenticated attackers to delete arbitrary files on the server due to insufficient file path validation in the `gky_image_uploader_main_function()` function, potentially leading to remote code execution if critical files, such as`wp-config.php`, are deleted. To address this issue, users should upgrade to a patched version once available. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13720.

In StageShow plugin for WordPress versions 9.8.6 and prior a medium severity vulnerability CVE-2024-13705 was detected. This vulnerability allows unauthenticated attackers to inject arbitrary web scripts via improper escaping in the `remove_query_arg` function, potentially executing scripts when a user clicks on a malicious link. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13705.

In Elementor Website Builder Pro plugin for WordPress versions 3.25.10 and prior a medium severity vulnerability CVE-2024-8494 was detected. This vulnerability allows authenticated attackers with Contributor-level access and above to extract sensitive data, including the content of Private, Pending, and Draft Templates, via the `elementor-template` shortcode. To address this issue, users should upgrade Elementor Website Builder Pro plugin to version 3.25.11 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8494.