In the Newsletters plugin for WordPress, versions 4.9.9.7 and prior, a high-severity vulnerability, CVE-2025-2009, was detected. This vulnerability allows unauthenticated attackers to inject arbitrary web scripts through the logging functionality; the scripts execute when a user accesses an injected page. To address this issue, users should upgrade the Newsletters plugin to version 4.9.9.8 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2009.
In the Event Post plugin for WordPress, versions 5.9.9 and prior, a medium-severity vulnerability, CVE-2025-2167, was detected. This vulnerability allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts via the plugin’s ‘events_list’ shortcodes, due to insufficient input sanitization and output escaping on user-supplied attributes; the scripts execute whenever a user accesses an affected page. To address this issue, users should upgrade the Event Post plugin to version 5.9.10 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2167.
In the Jobs plugin for WordPress, versions 2.7.11 and prior, a medium-severity vulnerability, CVE-2025-1310, was detected. This vulnerability allows authenticated attackers with Subscriber-level access and above to read the contents of arbitrary files on the server, which can contain sensitive information, through the ‘job_postings_get_file’ parameter. To address this issue, users should upgrade the Jobs plugin to version 2.7.12 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1310.
In the Job Postings plugin for WordPress, versions prior to 2.7.11, a medium-severity vulnerability, CVE-2024-10105, was detected. This vulnerability occurs because the plugin fails to sanitize and escape certain settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed (e.g., in a multisite setup). To address this issue, users should upgrade the Job Postings plugin to version 2.7.11 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10105.
In the Digital License Manager plugin for WordPress, versions up to and including 1.7.3, a medium-severity vulnerability, CVE-2025-2635, was detected. This vulnerability allows attackers to inject arbitrary web scripts via reflected cross-site scripting (XSS), which stems from the improper use of the remove_query_arg() function without appropriate URL escaping, if they can trick a user into performing an action such as clicking on a malicious link. To address this issue, users should upgrade the Digital License Manager plugin to version 1.7.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2635.
In the WP Church Donation plugin for WordPress, versions 1.7 and prior, a high-severity vulnerability, CVE-2024-13690, was detected. This vulnerability allows attackers to inject arbitrary web scripts via several donation form submission parameters, due to insufficient input sanitization and output escaping; the scripts execute whenever a user accesses the affected page. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13690.
In the teachPress plugin for WordPress, versions 9.0.9 and prior, a medium-severity vulnerability, CVE-2025-1320, was detected. This vulnerability allows attackers to delete imports via a forged request, which is possible because of missing or incorrect nonce validation on the import.php page, if they can trick a site administrator into performing an action such as clicking on a malicious link. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1320.
In the DICOM Support plugin for WordPress, versions 0.10.6 and prior, a medium-severity vulnerability, CVE-2024-12623, was detected. This vulnerability allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts via the plugin’s ‘dcm’ shortcode, due to insufficient input sanitization and output escaping on user-supplied attributes; the injected scripts execute whenever a user accesses the affected page. To address this issue, users should upgrade the DICOM Support plugin to version 0.10.7 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12623.
In Liferay Portal versions 7.4.0 through 7.4.3.126 and Liferay DXP versions 2024.Q3.0, 2024.Q2.0 through 2024.Q2.12, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92, a medium-severity vulnerability, CVE-2025-2565, was detected. This vulnerability allows unauthorized users to obtain entry data from forms. To address this issue, users should upgrade Liferay Portal to version 7.4.3.129, or Liferay DXP to version 2024.Q4.0, 2024.Q3.1 or 2024.Q1.13. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2565.