In the Competition Form plugin for WordPress, versions 2.0 and prior, a medium-severity vulnerability (CVE-2024-12749) was detected. This vulnerability allows attackers to execute reflected cross-site scripting (XSS) attacks, which could target high-privilege users such as administrators. There is currently no fixed version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12749.
In the ElementsKit Pro plugin for WordPress, versions 3.7.8 and prior, a medium-severity vulnerability (CVE-2025-0321) was detected. This vulnerability allows attackers with Contributor-level access and above to inject malicious web scripts via the ‘url’ parameter, leading to DOM-based stored cross-site scripting (XSS). To address this issue, users should upgrade the ElementsKit Pro plugin to version 3.7.9 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0321.
In the MailUp Auto Subscription plugin for WordPress, versions 1.1.0 and prior, a medium-severity vulnerability (CVE-2024-13521) was detected. This vulnerability allows unauthenticated attackers to perform cross-site request forgery (CSRF) attacks, enabling them to update settings and inject malicious web scripts by tricking a site administrator into clicking a link. To address this issue, users should upgrade the MailUp Auto Subscription plugin to version 1.2.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13521.
In the ThemeREX Addons plugin for WordPress, versions 2.32.3 and prior, a critical-severity vulnerability (CVE-2024-13448) was detected. This vulnerability allows unauthenticated attackers to upload arbitrary files to the affected site’s server, potentially enabling remote code execution. To address this issue, users should upgrade the ThemeREX Addons plugin to version 2.34.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13448.
In the Target Video Easy Publish plugin for WordPress, versions up to and including 3.8.3, a medium-severity vulnerability (CVE-2024-13561) was detected. This vulnerability allows attackers to inject arbitrary web scripts via the brid_override_yt shortcode, leading to stored cross-site scripting (XSS). To address this issue, users should upgrade the Target Video Easy Publish plugin for WordPress to version 3.8.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13561.
In Dolibarr version 21.0.0-beta, a medium-severity vulnerability (CVE-2024-55228) was detected. This vulnerability allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Title parameter of the Product module. There is currently no fixed version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-55228.
In the WooCommerce PDF Invoices, Packing Slips, Delivery Notes, and Shipping Labels plugin, versions 4.7.1 and prior, a medium-severity vulnerability (CVE-2025-24644) was detected. This vulnerability allows attackers to execute a stored cross-site scripting (XSS) attack due to improper neutralization of input during web page generation. To address this issue, users should update the WooCommerce PDF Invoices, Packing Slips, Delivery Notes, and Shipping Labels plugin to version 4.7.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-24644.
In WC Product Table WooCommerce Product Table Lite, versions 3.8.7 and prior, a medium-severity vulnerability (CVE-2025-24596) was detected. This vulnerability allows attackers to exploit incorrectly configured access control security levels, leading to unauthorized actions. To address this issue, users should upgrade the WooCommerce Product Table Lite WordPress plugin to version 3.9.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-24596.
In Umbraco versions from 14.0.0 before 14.3.2 and from 15.0.0 before 15.1.2, a medium-severity vulnerability (CVE-2025-24012) was detected. This vulnerability allows attackers to exploit cross-site scripting (XSS) when viewing certain localized backoffice components. To address this issue, users should upgrade Umbraco to version 14.3.2 or 15.1.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-24012.