In the Cookie Notice Bar plugin for WordPress, versions 1.3.0 and prior, a medium-severity vulnerability, CVE-2024-13849, was detected. It allows authenticated attackers with administrator-level access to carry out Stored Cross-Site Scripting (XSS): because of insufficient input sanitization and output escaping, they can inject arbitrary web scripts into pages, and those scripts execute whenever a user accesses an affected page. This particularly impacts multi-site installations and setups where unfiltered_html is disabled. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13849.
In the FormCraft plugin for WordPress, versions 3.9.11 and prior, a high-severity vulnerability, CVE-2025-0817, was detected. This vulnerability allows attackers to inject arbitrary web scripts via SVG file uploads, due to insufficient input sanitization and output escaping. To address this issue, users should upgrade the FormCraft plugin to version 3.9.12 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0817.
In the ElementsKit Elementor addons plugin for WordPress, versions 3.4.0 and prior, a medium-severity vulnerability, CVE-2025-0968, was detected. This vulnerability allows unauthenticated attackers to view sensitive information, such as posts, pages, templates, drafts, trashed, and private items, due to missing capability checks on the get_megamenu_content() function. To address this issue, users should upgrade the ElementsKit Elementor addons plugin to version 3.4.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0968.
In the Bit Assist plugin for WordPress, versions 1.5.2 and prior, a medium-severity vulnerability, CVE-2025-0822, was detected. This vulnerability allows authenticated attackers with Subscriber-level access and above to read arbitrary files on the server, potentially exposing sensitive information. To address this issue, users should upgrade the Bit Assist plugin to version 1.5.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0822.
In the MemorialDay plugin for WordPress, versions 1.0.4 and prior, a medium-severity vulnerability, CVE-2024-13523, was detected. This vulnerability allows unauthenticated attackers to update settings and inject malicious scripts via a forged request if they can trick an administrator into clicking a link. To address this issue, users should upgrade the MemorialDay plugin to version 1.1.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13523.
In the Threepress plugin for WordPress, versions 1.7.1 and prior, a medium-severity vulnerability, CVE-2024-13395, was detected. This vulnerability allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts via the ‘threepress’ shortcode; the scripts execute whenever a user accesses an injected page. To address this issue, users should upgrade the Threepress plugin to version 1.7.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13395.
In the FormCraft plugin for WordPress, versions 3.9.11 and prior, a medium-severity vulnerability, CVE-2024-13783, was detected. This vulnerability allows authenticated attackers with Subscriber-level access and above to export all plugin data, potentially exposing sensitive form submissions. To address this issue, users should upgrade the FormCraft plugin to version 3.9.12. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13783.
In the Post SMTP plugin for WordPress, versions 3.0.2 and prior, a high-severity vulnerability, CVE-2025-0521, was detected. This vulnerability allows unauthenticated attackers to inject arbitrary web scripts via the ‘from’ and ‘subject’ parameters; the scripts execute whenever a user accesses an injected page. To address this issue, users should upgrade the Post SMTP plugin to version 3.1.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0521.
In the Brizy – Page Builder plugin for WordPress, versions 2.6.8 and prior, a medium-severity vulnerability, CVE-2024-10322, was detected. This vulnerability allows authenticated attackers with Author-level access and above to exploit insufficient input sanitization and output escaping via REST API SVG file uploads, potentially resulting in stored Cross-Site Scripting (XSS) attacks: the injected web scripts execute whenever a user accesses the SVG file. To address this issue, users should upgrade the Brizy – Page Builder plugin to version 2.6.9 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10322.