A critical severity vulnerability, CVE-2025-2512, was detected in the File Away plugin for WordPress, versions 3.9.9.0.1 and prior. The plugin's upload() function performs neither a capability check nor file type validation, so unauthenticated attackers can upload arbitrary files, potentially leading to remote code execution. Currently there is no fixed version for this issue; until one is released, deactivating the plugin removes the exposed upload endpoint. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2512.
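The two missing controls named above, a capability check and file type validation, are easiest to see side by side. The following is an added illustration, not File Away's code: a hypothetical AJAX upload handler (the function and hook names, the nonce action and the allow-list are all assumptions) written the insecure way the advisory describes, followed by a hardened version that uses WordPress's own upload helpers.

```php
<?php
// Added illustration, not File Away's code. All names below are hypothetical.
require_once ABSPATH . 'wp-admin/includes/file.php'; // wp_handle_upload()

// INSECURE (hypothetical): no nonce, no capability check, no file type check,
// and the attacker chooses the destination file name (e.g. "shell.php").
function insecure_upload_handler() {
    $file = $_FILES['file'];
    $dest = wp_upload_dir()['basedir'] . '/' . basename( $file['name'] );
    move_uploaded_file( $file['tmp_name'], $dest );
    wp_send_json_success( array( 'path' => $dest ) );
}
// Registering the nopriv hook is what makes this reachable without logging in.
// Left commented out so the two handlers are not both active in one install:
// add_action( 'wp_ajax_nopriv_insecure_upload', 'insecure_upload_handler' );
// add_action( 'wp_ajax_insecure_upload', 'insecure_upload_handler' );

// HARDENED (hypothetical): authenticated hook only, nonce, capability, and an
// explicit MIME allow-list enforced by wp_handle_upload().
function hardened_upload_handler() {
    // 1. CSRF protection: the form/JS must send a nonce made with
    //    wp_create_nonce( 'hardened_upload' ) in the 'nonce' field.
    check_ajax_referer( 'hardened_upload', 'nonce' );

    // 2. Authorisation: require a capability, not merely a logged-in user.
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    if ( empty( $_FILES['file'] ) || ! is_uploaded_file( $_FILES['file']['tmp_name'] ) ) {
        wp_send_json_error( 'no file', 400 );
    }

    // 3. File type validation: a short allow-list. wp_handle_upload() runs
    //    wp_check_filetype_and_ext(), which checks the extension against the
    //    allow-list and, for images, sniffs the content, so a file whose bytes do
    //    not match its claimed type is rejected. It also sanitises the file name
    //    and makes it unique, so the caller never controls the final path.
    $allowed = array(
        'jpg|jpeg' => 'image/jpeg',
        'png'      => 'image/png',
        'pdf'      => 'application/pdf',
    );
    $result = wp_handle_upload(
        $_FILES['file'],
        array(
            'test_form' => false, // no 'action' field in this request
            'mimes'     => $allowed,
        )
    );
    if ( isset( $result['error'] ) ) {
        wp_send_json_error( $result['error'], 400 );
    }
    wp_send_json_success( array( 'url' => $result['url'] ) );
}
// Only the authenticated hook; no wp_ajax_nopriv_ variant exists.
add_action( 'wp_ajax_hardened_upload', 'hardened_upload_handler' );
```

A quick check for any upload endpoint in a plugin under review is to look for `wp_ajax_nopriv_` registrations or `admin-post.php`/REST routes that reach `move_uploaded_file()` or `file_put_contents()` without passing through `wp_handle_upload()`; that pattern is the shape this advisory describes.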
A medium severity vulnerability, CVE-2025-2511, was detected in the AHAthat plugin for WordPress, versions 1.6 and prior. Because the 'id' parameter is neither escaped nor passed through a prepared SQL statement, authenticated attackers with Administrator-level access and above can perform time-based SQL injection and extract sensitive information from the database. The privilege requirement limits the practical impact on single-site installations, where an administrator already has broad access; it matters more on multisite, where site administrators are not fully trusted, and wherever administrator credentials can be obtained through another flaw. Currently there is no fixed version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2511.
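The phrase "insufficient escaping and lack of proper SQL query preparation" describes a specific coding mistake: an unquoted numeric parameter concatenated into the query, where escaping quotes does nothing. The following is an added illustration, not AHAthat's code; the table name, function names and nonce action are assumptions. It shows the injectable form next to the parameterised `$wpdb->prepare()` form.

```php
<?php
// Added illustration, not AHAthat's code. Table and function names are hypothetical.

// INSECURE (hypothetical): 'id' is concatenated into the SQL string. A value such
// as  1 AND SLEEP(5)  makes response time depend on an attacker-chosen condition,
// which is the time-based blind technique the advisory refers to.
function insecure_get_item( $raw_id ) {
    global $wpdb;
    $table = $wpdb->prefix . 'example_items';
    // esc_sql() does not help here: the value is not quoted, and
    // "1 AND SLEEP(5)" contains no quote or backslash to escape.
    $sql = "SELECT * FROM {$table} WHERE id = " . esc_sql( $raw_id );
    return $wpdb->get_row( $sql );
}

// HARDENED (hypothetical): %d forces the value to an integer placeholder, so the
// query shape is fixed regardless of the input. The table name is built from
// $wpdb->prefix, not from user input (use the %i placeholder, WordPress 6.2+,
// if an identifier ever had to come from a variable).
function hardened_get_item( $raw_id ) {
    global $wpdb;
    $table = $wpdb->prefix . 'example_items';
    $sql   = $wpdb->prepare( "SELECT * FROM {$table} WHERE id = %d", $raw_id );
    return $wpdb->get_row( $sql );
}

// Usage in an admin page callback (hypothetical). Even for administrators, check
// capability and a nonce before touching the database, so the query cannot be
// driven by a forged cross-site request either.
function example_admin_page() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'forbidden', 403 );
    }
    if ( isset( $_GET['id'] ) ) {
        check_admin_referer( 'example_view_item' ); // nonce expected in _wpnonce
        $item = hardened_get_item( $_GET['id'] );
        if ( $item ) {
            echo '<p>' . esc_html( $item->name ) . '</p>';
        }
    }
}
```

When reviewing a plugin for this class of bug, grep for `$wpdb->query`, `get_row`, `get_results` and `get_var` calls whose SQL is built with `.` or string interpolation of `$_GET`/`$_POST` values; `esc_sql()` next to an unquoted value is a red flag rather than a fix.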
A critical severity vulnerability, CVE-2024-13442, was detected in the Service Finder Bookings plugin for WordPress, versions 5.0 and prior. Improper identity validation allows unauthenticated attackers to take over accounts: they can log in as any user whose email address is known, or change passwords, including administrators', to gain unauthorized access. To address this issue, upgrade the Service Finder Bookings plugin to version 5.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13442.
A high severity vulnerability, CVE-2024-12295, was detected in the BoomBox Theme Extensions plugin for WordPress, versions 1.8.0 and prior. The password reset function does not properly validate the identity of the requester, so attackers with subscriber-level access can change any user's password, including administrators', and take over the account. To address this issue, upgrade the BoomBox Theme Extensions plugin to version 1.8.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12295.
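Both the Service Finder Bookings and the BoomBox Theme Extensions advisories describe the same design flaw: the account to act on is chosen by whoever submits the request, with nothing proving they own it. The following is an added illustration, not either plugin's code; the function names, page URLs, form field names and nonce actions are assumptions. It contrasts a reset handler that trusts a submitted email address with one that ties the reset to a key delivered to the account owner, using WordPress core's reset-key functions.

```php
<?php
// Added illustration, not the Service Finder Bookings or BoomBox code.
// All function names, URLs and field names below are hypothetical.

// INSECURE (hypothetical): whoever submits the form selects the target account.
function insecure_reset_password() {
    $user = get_user_by( 'email', sanitize_email( $_POST['email'] ) );
    if ( $user ) {
        // Nothing proves the requester controls this mailbox: a subscriber, or
        // nobody at all, can reset the administrator's password and log in.
        wp_set_password( $_POST['new_password'], $user->ID );
        wp_set_auth_cookie( $user->ID );
    }
}

// HARDENED, step 1 (hypothetical): only e-mail a reset link. No state changes on
// the basis of the address alone, and the response does not reveal whether the
// address exists.
function hardened_request_reset() {
    check_admin_referer( 'example_request_reset' );
    $user = get_user_by( 'email', sanitize_email( wp_unslash( $_POST['email'] ) ) );
    if ( $user ) {
        // Core stores a hashed copy with a timestamp (expires after one day by default).
        $key = get_password_reset_key( $user );
        if ( ! is_wp_error( $key ) ) {
            $link = add_query_arg(
                array( 'key' => $key, 'login' => rawurlencode( $user->user_login ) ),
                home_url( '/example-reset/' ) // hypothetical page hosting step 2's form
            );
            wp_mail( $user->user_email, 'Password reset', "Reset your password here: {$link}" );
        }
    }
    wp_safe_redirect( home_url( '/example-reset-sent/' ) ); // same page either way
    exit;
}

// HARDENED, step 2 (hypothetical): identity is the (key, login) pair from the
// e-mail, never a user-chosen e-mail or user ID. check_password_reset_key()
// verifies the key against the stored hash and rejects expired keys.
function hardened_complete_reset() {
    check_admin_referer( 'example_complete_reset' );
    $user = check_password_reset_key(
        wp_unslash( $_POST['key'] ),
        wp_unslash( $_POST['login'] )
    );
    if ( is_wp_error( $user ) ) {
        wp_die( 'Invalid or expired reset link.', 403 );
    }
    $new = (string) wp_unslash( $_POST['new_password'] );
    if ( strlen( $new ) < 12 ) {
        wp_die( 'Password too short.', 400 );
    }
    reset_password( $user, $new ); // updates the hash and invalidates the key
    wp_safe_redirect( wp_login_url() );
    exit;
}
```

The review question for any custom login or reset feature is simply: which request value names the account, and what proves the sender owns it? If the answer is "the email/ID field in the POST body", the handler has the flaw these two advisories describe.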
A high severity vulnerability, CVE-2025-1232, was detected in the Site Reviews plugin for WordPress, versions before 7.2.5. Certain review fields are not properly sanitized and escaped, allowing unauthenticated attackers to perform stored cross-site scripting (XSS): a script submitted in a review is saved and executes in the browser of anyone who later views it. To address this issue, upgrade the Site Reviews plugin to version 7.2.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1232.
A medium severity vulnerability, CVE-2024-13126, was detected in the Download Manager WordPress plugin, versions before 3.3.07. The plugin relies on .htaccess rules to prevent directory listing, so on web servers that do not process .htaccess files (nginx, or Apache with AllowOverride None) its storage directory can be listed and attackers can access files they are not authorized to download. To address this issue, upgrade the Download Manager WordPress plugin to version 3.3.07 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13126.
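Protection that lives only in .htaccess is protection only on Apache hosts that honour it. The following is an added illustration, not Download Manager's code; the directory name and function names are assumptions. It shows a plugin creating its storage directory with both an .htaccess file and an index.php, so that a server which ignores .htaccess still does not auto-generate a listing, plus a small check a practitioner can run to confirm the directory is not listed.

```php
<?php
// Added illustration, not Download Manager's code. Names are hypothetical.

// Create the storage directory with layered listing protection.
function example_secure_storage_dir() {
    $dir = trailingslashit( wp_upload_dir()['basedir'] ) . 'example-files';
    if ( ! wp_mkdir_p( $dir ) ) {
        return false;
    }

    // Apache only: disable automatic index pages and refuse to serve PHP files
    // from this directory. nginx ignores this file entirely, and Apache ignores
    // it under "AllowOverride None", which is the situation the advisory covers.
    $htaccess = "Options -Indexes\n"
              . "<FilesMatch \"\\.(php|phtml|phar)$\">\n"
              . "  Require all denied\n"
              . "</FilesMatch>\n";
    if ( ! file_exists( $dir . '/.htaccess' ) ) {
        file_put_contents( $dir . '/.htaccess', $htaccess );
    }

    // Server-independent defence in depth: a directory that has an index file is
    // served as that file rather than listed, on any server whose index directive
    // includes index.php (standard in WordPress nginx configs). On nginx the real
    // control is "autoindex off;" (the default) in the server block.
    if ( ! file_exists( $dir . '/index.php' ) ) {
        file_put_contents( $dir . '/index.php', "<?php\n// Silence is golden.\n" );
    }
    return $dir;
}
add_action( 'init', 'example_secure_storage_dir' );

// Check: fetch the directory URL and look for an auto-generated index page.
// Both Apache and nginx title these pages "Index of /...". Run for example via
// WP-CLI:  wp eval 'var_dump( example_directory_is_listed( "https://example.test/wp-content/uploads/example-files/" ) );'
// Returns true (listed), false (not listed) or null (request failed).
function example_directory_is_listed( $url ) {
    $resp = wp_remote_get( $url, array( 'timeout' => 10 ) );
    if ( is_wp_error( $resp ) ) {
        return null;
    }
    $code = (int) wp_remote_retrieve_response_code( $resp );
    $body = wp_remote_retrieve_body( $resp );
    return 200 === $code && false !== stripos( $body, 'Index of' );
}
```

Note that neither measure is access control: if the file names are guessable, an index.php only hides the list, so files that should be restricted still need a download handler that checks the caller's permissions before streaming the file.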
A low severity vulnerability, CVE-2024-13602, was detected in the Poll Maker WordPress plugin, versions before 5.5.4. Some of its settings are not sanitized and escaped, so high-privilege users such as administrators can perform stored cross-site scripting (XSS) even where the unfiltered_html capability is disallowed (for example, in a multisite setup, where site administrators do not have that capability). To address this issue, upgrade the Poll Maker WordPress plugin to version 5.5.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13602.
A low severity vulnerability, CVE-2025-1624, was detected in the GDPR Cookie Compliance plugin for WordPress, versions before 4.15.9. The plugin does not sanitize and escape some of its settings, so high-privilege users such as administrators can perform stored cross-site scripting (XSS) even where the unfiltered_html capability is disallowed (for example, in multisite setups). To address this issue, upgrade the GDPR Cookie Compliance plugin to version 4.15.9 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1624.
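The Site Reviews, Poll Maker and GDPR Cookie Compliance advisories are three instances of one rule: sanitize on save according to who is saving, escape on output according to where the value lands, and never let "is an administrator" stand in for the unfiltered_html capability. The following is an added illustration, not any of these plugins' code; the post type, option name, form fields and function names are assumptions. Part (a) handles untrusted public review input (the Site Reviews case); part (b) handles an admin setting that may contain HTML (the Poll Maker and GDPR Cookie Compliance case).

```php
<?php
// Added illustration, not the Site Reviews, Poll Maker or GDPR Cookie Compliance
// code. All names are hypothetical; 'example_review' is assumed to be a
// registered post type.

// (a) Public review submission: nobody is trusted here.
function example_save_review() {
    check_admin_referer( 'example_submit_review' ); // nonce against CSRF
    $title  = sanitize_text_field( wp_unslash( $_POST['title'] ?? '' ) );
    $rating = min( 5, max( 1, absint( $_POST['rating'] ?? 0 ) ) );
    // Reviewers may keep basic formatting; wp_kses_post() strips <script>,
    // on* event attributes and javascript: URLs.
    $content = wp_kses_post( wp_unslash( $_POST['content'] ?? '' ) );

    $id = wp_insert_post( array(
        'post_type'    => 'example_review',
        'post_status'  => 'pending',
        'post_title'   => $title,
        'post_content' => $content,
    ), true );
    if ( ! is_wp_error( $id ) ) {
        update_post_meta( $id, 'example_rating', $rating );
    }
    return $id;
}

// Rendering a review: escape for the context each value lands in
// (attribute, text node, HTML fragment). Escaping again on output costs nothing
// and covers values edited through some other path since they were saved.
function example_render_review( $post ) {
    $rating = absint( get_post_meta( $post->ID, 'example_rating', true ) );
    printf(
        '<article class="review" data-rating="%s"><h3>%s</h3>%s</article>',
        esc_attr( $rating ),
        esc_html( $post->post_title ),
        wp_kses_post( $post->post_content )
    );
}

// (b) Admin setting that may contain HTML. Do not assume "administrator" implies
// unfiltered_html: on multisite only super admins have it, and it is removed
// everywhere by DISALLOW_UNFILTERED_HTML. Gate on the capability itself.
function example_sanitize_banner_html( $value ) {
    $value = (string) $value;
    if ( current_user_can( 'unfiltered_html' ) ) {
        return $value;
    }
    return wp_kses_post( $value );
}
add_action( 'admin_init', function () {
    register_setting(
        'example_options',
        'example_banner_html',
        array(
            'type'              => 'string',
            'sanitize_callback' => 'example_sanitize_banner_html', // runs on every save path
            'default'           => '',
        )
    );
} );

// Front-end output of the setting. The capability decision was made at save
// time by the sanitize callback (the same model core uses for post_content), so
// the stored value is echoed as is; the admin form itself should still escape it
// with esc_textarea() when pre-filling the field.
function example_render_banner() {
    echo get_option( 'example_banner_html', '' );
}
```

The multisite detail in the two "low severity" advisories is why this matters: a site administrator who has been deliberately denied unfiltered_html gets it back through any setting that is stored raw and echoed raw.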
A medium severity vulnerability, CVE-2025-2163, was detected in the Zoorum Comments plugin for WordPress, versions up to and including 0.9. The zoorum_set_options() function has missing or incorrect nonce validation, so an unauthenticated attacker can perform cross-site request forgery (CSRF): by tricking a logged-in site administrator into clicking a link, the attacker updates the plugin's settings and injects malicious scripts. Currently there is no fixed version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2163.
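A settings handler with no nonce check accepts any request that carries the right POST fields, including one auto-submitted from a page the administrator was lured to; that is the whole mechanism behind this advisory. The following is an added illustration, not Zoorum Comments' code; the option name, field names, nonce action and function names are assumptions. It shows the unprotected handler, the same handler with capability, nonce and sanitization, and the form that issues the matching nonce.

```php
<?php
// Added illustration, not Zoorum Comments' code. All names are hypothetical.

// INSECURE (hypothetical): runs on every admin request; any request with the
// POST fields is accepted, and the value is stored unsanitised (stored XSS via CSRF).
function insecure_set_options() {
    if ( isset( $_POST['example_save'] ) ) {
        update_option( 'example_footer_html', $_POST['footer_html'] );
    }
}
// Left unregistered so the two handlers are not both active in one install:
// add_action( 'admin_init', 'insecure_set_options' );

// HARDENED (hypothetical): capability, nonce bound to this specific action, and
// sanitisation of what is stored.
function hardened_set_options() {
    if ( ! isset( $_POST['example_save'] ) ) {
        return;
    }
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'forbidden', 403 );
    }
    // The nonce is derived from the action, the current user and the session,
    // so a page on another origin cannot know it; check_admin_referer() also
    // checks the Referer and dies with a 403 on failure.
    check_admin_referer( 'example_save_options', 'example_nonce' );

    $html = (string) wp_unslash( $_POST['footer_html'] ?? '' );
    update_option( 'example_footer_html', wp_kses_post( $html ) );

    $back = wp_get_referer() ?: admin_url( 'options-general.php' );
    wp_safe_redirect( add_query_arg( 'updated', '1', $back ) );
    exit;
}
add_action( 'admin_init', 'hardened_set_options' );

// The matching form: wp_nonce_field() emits the hidden field that
// check_admin_referer() validates. The current value is escaped for a textarea.
function example_options_form() {
    ?>
    <form method="post">
        <?php wp_nonce_field( 'example_save_options', 'example_nonce' ); ?>
        <textarea name="footer_html"><?php echo esc_textarea( get_option( 'example_footer_html', '' ) ); ?></textarea>
        <button name="example_save" value="1">Save</button>
    </form>
    <?php
}
```

The "incorrect nonce validation" wording in advisories of this kind usually means one of two review findings: `wp_verify_nonce()` is called but its return value is never checked, or the nonce action string differs between `wp_nonce_field()` and the verification call so the check always fails and was disabled; either way, grep for every `update_option()` and walk back to the nonce and capability checks that guard it.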