Proactive Insights and Support For Open-Source Applications
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
Book a demo
Book a demo
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
  • Home
  • Knowledge Base
  • Newsflash
  • Business and Enterprise Solutions

Business and Enterprise Solutions

All OSSpediaArticlesHow ToNewsflashCase Studies
Don't Miss out!
Join our newsletter for exclusive updates on open source innovations.

    Selected category
    • Communication
      • Communication
    • Communication and Collaboration
      • Utility
      • Communication and Collaboration
      • Communication
    • Specialized Software
      • Educational
      • Graphic Design
    • Business and Enterprise Solutions
      • Customer Service
      • Productivity
      • Supply Chain Management (SCM)
      • CRM
      • E-commerce
      • CMS
      • Marketing Automation
      • ERP
    • Project and Agile Management
      • Project Management
      • IT Business Management
    • Infrastructure and Network
      • CMS
      • Networking
      • Storage
      • Security
    • DevOps
      • DevOps
      • Mobile App Development
      • Backup and Recovery
      • Data Analytics
      • Web Development
      • Developer Stacks
      • Cloud Computing
      • Monitoring
      • Application Development
      • Developer Tools
    • Data Management and Analytics
      • Communication
      • Application Development
      • Analytics
      • Machine Learning
      • Database
      • Data Analytics
    29 Jul 2025 Business and Enterprise Solutions
    WordPress: Cart Manipulation Allows Free Product Acquisition in WoodMart Theme

    In the WoodMart theme for WordPress versions up to and including 8.2.6 a medium severity vulnerability CVE-2025-8097 was detected. This vulnerability allows unauthenticated attackers to manipulate cart quantities using fractional values via the qty parameter in the woodmart_update_cart_item function, where insufficient input validation enables setting extremely small quantities (e.g., 0.00001) that round the cart total to $0.00, resulting in unauthorized acquisition of virtual or downloadable products. To address this issue, users should update the WoodMart theme to versions 8.2.7 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-8097.

    Read more
    CMS
    29 Jul 2025 Business and Enterprise Solutions
    GitLab Language Server: Missing Authentication Enables Arbitrary GraphQL Query Execution

    In GitLab Language Server versions from 7.6.0 up to but not including 7.30.0 a high severity vulnerability CVE-2025-8279 was detected. This vulnerability allows unauthorized attackers to execute arbitrary GraphQL queries due to missing authentication for a critical function and insufficient input validation. To address this issue, users should upgrade GitLab Language Server to version 7.30.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-8279.

    Read more
    CMS
    28 Jul 2025 Business and Enterprise Solutions
    WordPress: Stored XSS via Audio Parameter in Mine CloudVod Plugin

    In Mine CloudVod plugin for WordPress versions up to and including 2.1.10 a medium severity vulnerability CVE-2025-8071 was detected. This vulnerability allows authenticated attackers with Contributor-level access and above to inject web scripts via the ‘audio’ parameter, which execute when a user accesses the affected page due to insufficient sanitization and escaping. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-8071.

    Read more
    CMS
    28 Jul 2025 Business and Enterprise Solutions
    WordPress: Stored XSS via Multiple Parameters in Get Youtube Subs Plugin

    In the Get Youtube Subs plugin for WordPress versions up to and including 3.5 a medium severity vulnerability CVE-2025-7966 was detected. This vulnerability allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts via the ‘channel’, ‘layout’, and ‘subs_count’ parameters due to insufficient input sanitization and output escaping. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-7966.

    Read more
    CMS
    25 Jul 2025 Business and Enterprise Solutions
    WordPress: Stored XSS via ‘audio’ Parameter in Mine CloudVod Plugin

    In Mine CloudVod plugin for WordPress versions up to and including 2.1.10 a medium severity vulnerability CVE-2025-8071 was detected. This vulnerability allows Contributor-level users to inject scripts via the ‘audio’ parameter, which execute when a user views the affected page. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-8071.

    Read more
    CMS
    23 Jul 2025 Business and Enterprise Solutions
    LibreNMS: Remote Code Execution via Unsanitized type Parameter in ajax_form.php Enables File Inclusion from Trusted Path

    In LibreNMS versions up to and including 25.6.0 a high severity vulnerability CVE-2025-54138 was discovered in the ajax_form.php endpoint. This vulnerability allows remote file inclusion based on user-controlled POST input, as the application directly uses the type parameter to dynamically include .inc.php files from the trusted includes/html/forms/ path without proper validation or allowlisting, introducing a Remote Code Execution (RCE) risk if an attacker can stage a file in that path—such as via symlinks, misconfigurations, or chained exploits. To address this issue, users should upgrade LibreNMS to versions 25.7.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-54138.

    Read more
    CMS
    23 Jul 2025 Business and Enterprise Solutions
    WordPress: CSRF via Missing Nonce Validation in YANewsflash Plugin Allows Settings Change and Script Injection

    In the YANewsflash plugin for WordPress versions up to and including 1.0.3 a medium severity vulnerability CVE-2025-6054 was detected. This vulnerability allows unauthenticated attackers to update settings and inject malicious web scripts via a forged request, if they can trick a site administrator into performing an action such as clicking a link. This is due to missing or incorrect nonce validation on the yanewsflash/yanewsflash.php page. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6054.

    Read more
    CMS
    23 Jul 2025 Business and Enterprise Solutions
    WordPress: Privilege Escalation via Unvalidated update_user_meta Call in Social Streams Plugin

    In the Social Streams plugin for WordPress versions up to and including 1.0.1 a high severity vulnerability CVE-2025-7722 was detected. This vulnerability allows authenticated users with Subscriber-level access or higher to escalate privileges to administrator by exploiting missing identity validation in the update_user_meta() function. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-7722.

    Read more
    CMS
    23 Jul 2025 Business and Enterprise Solutions
    WordPress: Unauthenticated Registration Bypass via Exposed Endpoint in Omnishop Plugin

    In the Omnishop plugin for WordPress versions up to and including 1.0.9 a medium severity vulnerability CVE-2025-6215 was detected. This vulnerability lets unauthenticated attackers create customer accounts despite registration being disabled, by exploiting a publicly exposed /users/register endpoint that bypasses permission checks and calls wp_create_user() directly. The issue remains unfixed as of the latest version. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-6215.

    Read more
    CMS
    Proactive Insights and Support For Open-Source Applications
    Contact us: Whatsapp
    Company
    • About Hossted
    • Data Processing Addendum
    Solutions
    • Applications
    • Support Plans
    • About Solution
    Resources
    • FAQ
    • Knowledge Base

    © HOSSTED 2026 All rights reserved

    • Privacy Policy
    • Terms and Conditions
    • Cookies Policy
    Cookie Settings

    We use cookies to measure marketing efforts and improve our services. Please review the cookie settings and confirm your choice.

    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}