Business and Enterprise Solutions

In Academist Membership plugin for WordPress versions 1.1.6 and prior a critical severity vulnerability CVE-2025-1671 was detected. This vulnerability allows unauthenticated attackers to escalate their privileges and log in as any user, including site administrators, due to improper identity verification in the academist_membership_check_facebook_user() function. To address this issue, users should upgrade Academist Membership plugin to versions 1.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1671.

In Odoo Community version 15.0 and Odoo Enterprise version 15.0 a high severity vulnerability CVE-2024-12368 was detected. This vulnerability allows an internal user to export the OAuth tokens of other users. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12368.

In Mautic versions before 5.2.3 two critical security vulnerabilities CVE-2024-47051 were detected. These vulnerabilities allow authenticated users to execute remote code via asset upload by bypassing file extension restrictions and to delete arbitrary files through a path traversal flaw. To address this issues, users should upgrade Mautic to versions 5.2.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-47051.

In Odoo Community version 17.0 and Odoo Enterprise version 17.0 a high severity vulnerability CVE-2024-36259 was detected. This vulnerability allows remote authenticated attackers to extract sensitive information via an oracle-based (yes/no response) crafted attack. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-36259.

In WooCommerce Support Ticket System plugin for WordPress, versions 17.8 and prior a medium severity vulnerability CVE-2024-13775 was detected. This allows attackers with Subscriber-level access or higher to delete posts and access user data. To address this issue, users should upgrade WooCommerce Support Ticket System plugin to version 17.9 or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-13775.

In Post Grid and Gutenberg Blocks – ComboBlocks plugin for WordPress versions 2.3.5 and prior a medium severity vulnerability CVE-2024-13798 was detected. This vulnerability allows unauthenticated attackers to create new orders for products and mark them as paid without completing a payment due to insufficient verification on form fields. To address this issue, users should upgrade Post Grid and Gutenberg Blocks – ComboBlocks plugin to version 2.3.6. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13798.

In Rife Elementor Extensions & Templates plugin for WordPress versions 1.2.5 and prior a medium severity vulnerability CVE-2024-13564 was detected. This vulnerability allows authenticated attackers with contributor-level access and above to exploit Stored Cross-Site Scripting (XSS) via the Writing Effect Headline shortcode, enabling them to inject arbitrary web scripts that execute when users access an affected page due to insufficient input sanitization and output escaping. To address this issue, users should upgrade Rife Elementor Extensions & Templates plugin to version 2.38.9. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13564.

In IP2Location Country Blocker plugin for WordPress versions 2.38.8 and prior a medium severity vulnerability CVE-2025-1361 was detected. This vulnerability allows unauthenticated attackers to access and view the plugin’s settings due to missing capability checks on the admin_init() function. To address this issue, users should upgrade IP2Location Country Blocker plugin to version 2.38.9. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1361.

In WP-Appbox plugin for WordPress versions 4.5. and prior a medium severity vulnerability CVE-2025-1489 was detected. This vulnerability allows authenticated attackers with contributor-level access and above to exploit Stored Cross-Site Scripting (XSS) via the appbox shortcode due to insufficient input sanitization and output escaping. To address this issue, users should upgrade WP-Appbox plugin to version 4.5.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1489.