In Ocean Extra plugin for WordPress versions up to and including 2.4.9 a medium severity vulnerability CVE-2025-9499 was detected. This vulnerability allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts via the ‘oceanwp_library’ shortcode, which execute whenever a user accesses an injected page. To address this issue, users should upgrade Ocean Extra plugin to versions 2.5.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9499.
Read more CMS
In Liferay Portal versions 7.0.0 through 7.4.3.4, and Liferay DXP versions 7.4 GA, 7.3 GA through update 27, and older unsupported versions a high severity vulnerability CVE-2025-43772 was detected. This vulnerability allows an attacker to consume system memory by saving request parameters in the portlet session, which leads to denial-of-service (DoS) conditions. To address this issue, users should upgrade Liferay Portal to versions 7.4.3.5 and Liferay DXP 7.4 update 1 or 7.3 update 28. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43772.
Read more CMS
In PopAd plugin for WordPress versions up to and including 1.0.4 a medium severity vulnerability CVE-2025-9616 was detected. This vulnerability allows an unauthenticated attacker to reset cookie time settings via a forged request. Currently, there is no fix version for this vulnerability. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9616.
Read more CMS
In Mautic versions 4.4.0 and later, including 5.0.0-alpha and 6.0.0-alpha a medium severity vulnerability CVE-2025-9824 was detected. This vulnerability allows attackers to determine if a username exists by measuring login response times, potentially enabling brute-force attacks. To address this issue, users should upgrade Mautic to versions 4.4.17, 5.2.8 or 6.0.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9824.
Read more Marketing Automation
In Mautic versions 4.4.0 and later, including 5.0.0-alpha and 6.0.0-alpha a medium severity vulnerability CVE-2025-9823 was detected. This vulnerability allows attackers to run arbitrary JavaScript in another user’s browser session by exploiting a reflected XSS in the lead:addLeadTags endpoint. To address this issue, users should upgrade Mautic to versions 4.4.17, 5.2.8 or 6.0.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9823.
Read more Marketing Automation
In Mautic versions 4.4.0 and later, including 5.0.0-alpha and 6.0.0-alpha a medium severity vulnerability CVE-2025-9822 was detected. This vulnerability allows an administrator to change application configuration and access secrets, such as database credentials, that are normally restricted. To address this issue, users should upgrade Mautic to versions 4.4.17, 5.2.8 or 6.0.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9822.
Read more Marketing Automation
In Mautic versions 4.4.0 through 4.4.16, 5.0.0-alpha through 5.2.7, and 6.0.0-alpha through 6.0.4 a low severity vulnerability CVE-2025-9821 was detected. This vulnerability allows a user with webhook permissions to perform a Server-Side Request Forgery (SSRF) attack by sending webhooks to an unvalidated destination. To address this issue, users should upgrade Mautic to versions 4.4.17, 5.2.8 or 6.0.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-9821.
Read more Marketing Automation
In Liferay Portal versions 7.4.3.27 through 7.4.3.42, and Liferay DXP versions 2024.Q1.1 through 2024.Q1.20, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, and 7.4 update 27 through update 42 a high severity vulnerability CVE-2025-3586 was detected. This vulnerability allows an authenticated administrator with the Instance Administrator role to execute arbitrary Groovy scripts (i.e., remote code execution) through the Objects module. To address this issue, users should upgrade Liferay Portal to versions 7.4.3.43 and Liferay DXP to versions 2024.Q2.0 or 2024.Q3.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3586.
Read more CMS
In Liferay Portal versions 7.4.0 through 7.4.3.132, and Liferay DXP versions 2025.Q2.0 through 2025.Q2.1, 2025.Q1.0 through 2025.Q1.14, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.0 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13 and 2024.Q1.1 through 2024.Q1.18 a medium severity vulnerability CVE-2025-43773 was detected. This vulnerability allows for improper access through the expandoTableLocalService. To address this issue, users should upgrade Liferay Portal to master branch and Liferay DXP to versions 2025.Q2.1, 2025.Q1.15 or 2024.Q1.19. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-43773.
Read more CMS