Proactive Insights and Support For Open-Source Applications
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
Book a demo
Book a demo
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
  • Home
  • Knowledge Base
  • Newsflash
  • Business and Enterprise Solutions

Business and Enterprise Solutions

All OSSpediaArticlesHow ToNewsflashCase Studies
Don't Miss out!
Join our newsletter for exclusive updates on open source innovations.

    Selected category
    • Communication
      • Communication
    • Communication and Collaboration
      • Utility
      • Communication and Collaboration
      • Communication
    • Specialized Software
      • Educational
      • Graphic Design
    • Business and Enterprise Solutions
      • Customer Service
      • Productivity
      • Supply Chain Management (SCM)
      • CRM
      • E-commerce
      • CMS
      • Marketing Automation
      • ERP
    • Project and Agile Management
      • Project Management
      • IT Business Management
    • Infrastructure and Network
      • CMS
      • Networking
      • Storage
      • Security
    • DevOps
      • DevOps
      • Mobile App Development
      • Backup and Recovery
      • Data Analytics
      • Web Development
      • Developer Stacks
      • Cloud Computing
      • Monitoring
      • Application Development
      • Developer Tools
    • Data Management and Analytics
      • Communication
      • Application Development
      • Analytics
      • Machine Learning
      • Database
      • Data Analytics
    20 Mar 2025 Business and Enterprise Solutions
    WordPress: Reflected Cross-Site Scripting (XSS) Vulnerability in SpotBot Plugin

    In SpotBot plugin for WordPress versions 0.1.8 and prior a high severity vulnerability CVE-2024-13878 was detected. This vulnerability allows attackers to execute Reflected Cross-Site Scripting (XSS) attacks by exploiting an unsanitized parameter, potentially targeting high-privilege users such as administrators. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13878.

    Read more
    CMS
    19 Mar 2025 Business and Enterprise Solutions
    WordPress: Time-Based SQL Injection Vulnerability in AHAthat Plugin

    In AHAthat Plugin for WordPress versions 1.6 and prior a medium severity vulnerability CVE-2025-2511 was detected. This vulnerability allows authenticated attackers with Administrator-level access and above to perform time-based SQL Injection via the ‘id’ parameter due to insufficient escaping and lack of proper SQL query preparation, enabling them to extract sensitive information from the database. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2511.

    Read more
    CMS
    19 Mar 2025 Business and Enterprise Solutions
    WordPress: Privilege Escalation Vulnerability in Service Finder Bookings Plugin

    In Service Finder Bookings plugin for WordPress versions 5.0 and prior a critical severity vulnerability CVE-2024-13442 was detected. This vulnerability allows unauthenticated attackers to take over accounts due to improper identity validation, enabling them to log in as any user with a known email or change passwords, including for administrators, to gain unauthorized access. To address this issue, users should upgrade Service Finder Bookings plugin to versions 5.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13442.

    Read more
    CMS
    19 Mar 2025 Business and Enterprise Solutions
    WordPress: Privilege Escalation Vulnerability in BoomBox Theme Extensions WordPress Plugin

    In BoomBox Theme Extensions plugin for WordPress versions 1.8.0 and prior a high severity vulnerability CVE-2024-12295 was detected. This vulnerability allows attackers with subscriber-level access to take over accounts by exploiting improper identity validation in the password reset function, enabling them to change any user’s password, including administrators, and gain unauthorized access. To address this issue, users should upgrade BoomBox Theme Extensions plugin to versions 1.8.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12295.

    Read more
    CMS
    19 Mar 2025 Business and Enterprise Solutions
    WordPress: Stored Cross-Site Scripting (XSS) Vulnerability in Site Reviews Plugin

    In Site Reviews plugin for WordPress versions before 7.2.5 a high severity vulnerability CVE-2025-1232 was detected. This vulnerability allows unauthenticated attackers to perform Stored Cross-Site Scripting (XSS) attacks due to improper sanitization and escaping of certain review fields. To address this issue, users should upgrade Site Reviews plugin to versions 7.2.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1232.

    Read more
    CMS
    19 Mar 2025 Business and Enterprise Solutions
    WordPress: Arbitrary File Upload Vulnerability in File Away Plugin

    In File Away plugin for WordPress versions 3.9.9.0.1 and prior a critical severity vulnerability CVE-2025-2512 was detected. This vulnerability allows unauthenticated attackers to upload arbitrary files due to a missing capability check and lack of file type validation in the upload() function, potentially leading to remote code execution. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2512.

    Read more
    CMS
    18 Mar 2025 Business and Enterprise Solutions
    WordPress: Directory Listing Vulnerability in Download Manager Plugin

    In Download Manager WordPress plugin versions before 3.3.07 a medium severity vulnerability CVE-2024-13126 was detected. This vulnerability allows attackers to access unauthorized files due to the lack of directory listing prevention on web servers that don’t use htaccess. To address this issue, users should upgrade Download Manager WordPress plugin to version 3.3.07 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13126.

    Read more
    CMS
    18 Mar 2025 Business and Enterprise Solutions
    WordPress: Stored Cross-Site Scripting Vulnerability in Poll Maker Plugin

    In Poll Maker WordPress plugin versions before 5.5.4 a low severity vulnerability CVE-2024-13602 was detected. This vulnerability allows high-privilege users, such as admins, to perform Stored Cross-Site Scripting (XSS) attacks due to improper sanitization and escaping of certain settings, even when the unfiltered_html capability is disallowed (e.g., in a multisite setup). To address this issue, users should upgrade Poll Maker WordPress plugin to version 5.5.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13602.

    Read more
    CMS
    18 Mar 2025 Business and Enterprise Solutions
    WordPress: Stored Cross-Site Scripting Vulnerability in GDPR Cookie Compliance Plugin

    In GDPR Cookie Compliance plugin for WordPress versions before 4.15.9 a low severity vulnerability CVE-2025-1624 was detected. This vulnerability allows attackers to perform Stored Cross-Site Scripting (XSS) attacks due to the plugin not sanitizing and escaping some of its settings, which could allow high privilege users such as admins to exploit it, even when the unfiltered_html capability is disallowed (e.g., in multisite setups). To address this issue, users should upgrade GDPR Cookie Compliance plugin to versions 4.15.9 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1624.

    Read more
    CMS
    Proactive Insights and Support For Open-Source Applications
    Contact us: Whatsapp
    Company
    • About Hossted
    • Data Processing Addendum
    Solutions
    • Applications
    • Support Plans
    • About Solution
    Resources
    • FAQ
    • Knowledge Base

    © HOSSTED 2026 All rights reserved

    • Privacy Policy
    • Terms and Conditions
    • Cookies Policy
    Cookie Settings

    We use cookies to measure marketing efforts and improve our services. Please review the cookie settings and confirm your choice.

    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}