In WP-Recall plugin for WordPress versions prior to 16.26.12 a low severity vulnerability CVE-2024-9771 was detected. This vulnerability allows high privilege users such as administrators to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed, such as in a multisite setup. To address this issue, users should upgrade WP-Recall plugin to versions 16.26.12 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-9771.
Read more CMSIn The Anps Theme plugin for WordPress versions up to and including 1.1.1 a medium severity vulnerability CVE-2024-13812 was detected. This vulnerability allows attackers to execute arbitrary shortcodes without authentication, potentially leading to site compromise. To address this issue, users should upgrade The Anps Theme plugin to versions 1.1.25 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13812.
Read more CMSIn Aeropage Sync for Airtable plugin for WordPress versions up to and including 3.2.0 a medium severity vulnerability CVE-2025-3915 was detected. This vulnerability allows authenticated attackers with Subscriber-level access and above to delete arbitrary posts. To address this issue, users should upgrade Aeropage Sync for Airtable plugin to versions 3.3.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3915.
Read more CMSIn Add Custom Page Template plugin versions up to and including 2.0.1 a high severity vulnerability CVE-2025-3491 was detected. This vulnerability allows authenticated attackers with Administrator-level access and above to execute arbitrary code on the server via insufficient sanitization of the ‘template_name’ parameter. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3491.
Read more CMSIn Jupiter X Core plugin versions up to and including 4.8.11 a high severity vulnerability CVE-2025-2105 was detected. This vulnerability allows attackers to inject PHP objects via deserialization of untrusted input from the ‘file’ parameter of the ‘raven_download_file’ function, and if a POP chain exists through another plugin or theme, it may enable file deletion, data retrieval, or code execution. To address this issue, users should upgrade Jupiter X Core plugin to versions 4.8.12 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2105.
Read more CMSIn Edumall theme for WordPress versions up to and including 4.2.4 a high severity vulnerability CVE-2025-2101 was detected. This vulnerability allows attackers to include and execute arbitrary PHP files on the server, potentially leading to code execution, bypassing access controls, or exposing sensitive information. To address this issue, users should upgrade Edumall theme to versions 4.3.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2101.
Read more CMSIn Upsell Funnel Builder for WooCommerce plugin for WordPress versions up to and including 3.0.0 a medium severity vulnerability CVE-2025-3743 was detected. This vulnerability allows unauthenticated attackers to manipulate the product ID and discount field associated with any order bump, enabling them to arbitrarily update the product and discount when adding it to the cart. To address this issue, users should upgrade Upsell Funnel Builder for WooCommerce plugin to versions 3.0.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3743.
Read more CMSIn Mayosis Core plugin for WordPress versions up to and including 5.4.1 a high severity vulnerability CVE-2025-1565 was detected. This vulnerability allows attackers to read the contents of arbitrary files on the server, potentially exposing sensitive information. To address this issue, users should upgrade Mayosis Core plugin to versions 5.4.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1565.
Read more CMSIn Klarna Checkout for WooCommerce plugin for WordPress versions prior to 2.13.5 a medium severity vulnerability CVE-2024-13925 was detected. This vulnerability allows unauthenticated attackers to flood log files using an exposed WooCommerce Ajax endpoint, rapidly consuming disk space and potentially filling the entire disk. To address this issue, users should upgrade Klarna Checkout for WooCommerce plugin to versions 2.13.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13925.
Read more CMS