In Drupal versions prior to 10.3.13, 10.4.3, 11.0.12 and 11.1.3 a low severity vulnerability CVE-2025-3057 was detected. This vulnerability allows attackers to inject malicious scripts into error messages through improper neutralization of input during web page generation, potentially leading to unauthorized access to user data and session manipulation. To address this issue, users must upgrade to version 10.3.13 or later, 10.4.3 or later, 11.0.12 or later, or 11.1.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3057.
Read more CMSIn Drupal versions 8.0.0 to 10.3.12, 10.4.0 to 10.4.2, 11.0.0 to 11.0.11 and 11.1.0 to 11.1.2 a high severity vulnerability CVE-2025-31673 was detected. This vulnerability allows attackers to bypass authorization checks and access content they should not have permission to view, potentially leading to unauthorized data exposure. To address this issue, users should upgrade Drupal core to versions 10.3.13, 10.4.3, 11.0.12 or 11.1.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-31673.
Read more CMSIn Drupal versions 8.0.0 to 10.3.12, 10.4.0 to 10.4.2, 11.0.0 to 11.0.11 and 11.1.0 to 11.1.2 a high severity vulnerability CVE-2025-31674 was detected. This vulnerability allows attackers to perform object injection by improperly modifying dynamically-determined object attributes, which can lead to unauthorized access and manipulation of sensitive data. To address this issue, users should upgrade Drupal Core to versions 10.3.13, 10.4.3, 11.0.12, 11.1.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-31674.
Read more CMSIn Cal.com versions up to and including 1.0.0 a medium severity vulnerability CVE-2025-31604 was detected. This vulnerability allows attackers to execute stored cross-site scripting (XSS) attacks by improperly neutralizing script-related HTML tags in a web page. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2025/cve-2025-31604.
Read more ProductivityIn BWL Advanced FAQ Manager plugin for WordPress versions 2.1.4 and prior a high severity vulnerability CVE-2024-13801 was detected. This vulnerability allows attackers with Subscriber-level access or higher to modify option values without proper capability checks, potentially causing a denial of service (DoS) or enabling unauthorized actions such as registration settings adjustments. To address this issue, users should upgrade BWL Advanced FAQ Manager plugin to versions 2.1.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13801.
Read more CMSIn Newsletters plugin for WordPress versions 4.9.9.7 and prior a high severity vulnerability CVE-2025-2009 was detected. This vulnerability allows unauthenticated attackers to inject arbitrary web scripts through the logging functionality, which will execute when users access an injected page. To address this issue, users should upgrade Newsletters plugin to versions 4.9.9.8 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2009.
Read more CMSIn Event Post plugin for WordPress versions 5.9.9 and prior a medium severity vulnerability CVE-2025-2167 was detected. This vulnerability allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts via the plugin’s ‘events_list’ shortcodes due to insufficient input sanitization and output escaping on user-supplied attributes, which will execute whenever a user accesses an affected page. To address this issue, users should upgrade Event Post plugin to versions 5.9.10 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2167.
Read more CMSIn Jobs plugin for WordPress versions 2.7.11 and prior a medium severity vulnerability CVE-2025-1310 was detected. This vulnerability allows authenticated attackers with Subscriber-level access and above to read the contents of arbitrary files on the server through the ‘job_postings_get_file’ parameter, which can contain sensitive information. To address this issue, users should upgrade Jobs plugin to versions 2.7.12 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1310.
Read more CMSIn Job Postings plugin for WordPress versions prior to 2.7.11 a medium severity vulnerability CVE-2024-10105 was detected. This vulnerability occurs due to the plugin failing to sanitize and escape certain settings, which could allow high privilege users such as contributors to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed (e.g., in a multisite setup). To address this issue, users should upgrade Job Postings plugin to versions 2.7.11 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10105.
Read more CMS