Business and Enterprise Solutions

In Sky Addons for Elementor plugin for WordPress versions up to and including 3.1.4 a medium severity vulnerability CVE-2025-8216 was detected. This bug lets logged-in users with Contributor access or higher add dangerous code to pages using widgets. The code runs when someone opens the page. To address this issue, users should update Sky Addons for Elementor plugin to version 3.2.0 or later. For more details, visit https://avd.aquasec.com/nvd/2025/cve-2025-8216.

In Magical Addons for Elementor plugin for WordPress versions up to and including 1.3.8 a medium severity vulnerability CVE-2025-8196 was detected. This bug lets logged-in users with Contributor access or higher add dangerous code using custom attributes. The code runs when someone opens the page. To address this issue, users should update Magical Addons for Elementor plugin to versions 1.3.9 or later. For more details, visit https://avd.aquasec.com/nvd/2025/cve-2025-8196.

In the Station Pro plugin for WordPress versions up to and including 2.4.2 a medium severity vulnerability CVE-2025-7959 was detected. This vulnerability allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts via the ‘width’ and ‘height’ parameters due to insufficient input sanitization and output escaping. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-7959.

In the Memory Usage plugin for WordPress versions up to and including 3.98 a medium severity vulnerability CVE-2025-8104 was detected. This vulnerability allows unauthenticated attackers to silently install one of several whitelisted plugins via a forged request, due to missing nonce validation in the wpmemory_install_plugin() function. To address this issue, users should update the Memory Usage plugin to versions 3.99 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-8104.

In the WoodMart theme for WordPress versions up to and including 8.2.6 a medium severity vulnerability CVE-2025-8097 was detected. This vulnerability allows unauthenticated attackers to manipulate cart quantities using fractional values via the qty parameter in the woodmart_update_cart_item function, where insufficient input validation enables setting extremely small quantities (e.g., 0.00001) that round the cart total to $0.00, resulting in unauthorized acquisition of virtual or downloadable products. To address this issue, users should update the WoodMart theme to versions 8.2.7 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-8097.

In GitLab Language Server versions from 7.6.0 up to but not including 7.30.0 a high severity vulnerability CVE-2025-8279 was detected. This vulnerability allows unauthorized attackers to execute arbitrary GraphQL queries due to missing authentication for a critical function and insufficient input validation. To address this issue, users should upgrade GitLab Language Server to version 7.30.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-8279.

In Mine CloudVod plugin for WordPress versions up to and including 2.1.10 a medium severity vulnerability CVE-2025-8071 was detected. This vulnerability allows authenticated attackers with Contributor-level access and above to inject web scripts via the ‘audio’ parameter, which execute when a user accesses the affected page due to insufficient sanitization and escaping. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-8071.

In the Get Youtube Subs plugin for WordPress versions up to and including 3.5 a medium severity vulnerability CVE-2025-7966 was detected. This vulnerability allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts via the ‘channel’, ‘layout’, and ‘subs_count’ parameters due to insufficient input sanitization and output escaping. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-7966.

In Mine CloudVod plugin for WordPress versions up to and including 2.1.10 a medium severity vulnerability CVE-2025-8071 was detected. This vulnerability allows Contributor-level users to inject scripts via the ‘audio’ parameter, which execute when a user views the affected page. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-8071.