Business and Enterprise Solutions

In Brizy – Page Builder plugin for WordPress versions 2.6.8 and prior a medium severity vulnerability CVE-2024-10322 was detected. This vulnerability allows authenticated attackers with Author-level access and above to exploit insufficient input sanitization and output escaping via REST API SVG file uploads, potentially resulting in stored Cross-Site Scripting (XSS) attacks that inject arbitrary web scripts, which execute whenever a user accesses the SVG file. To address this issue, users should upgrade Brizy – Page Builder plugin to version 2.6.9 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10322.

In Welcart e-Commerce plugin for WordPress versions 2.11.9 and prior a high severity vulnerability CVE-2025-0511 was detected. This vulnerability allows attackers to exploit insufficient input sanitization and output escaping via the ‘name’ parameter, enabling unauthenticated attackers to inject arbitrary web scripts in pages, which will execute whenever a user accesses an injected page. To address this issue, users should upgrade Welcart e-Commerce plugin to version 2.11.10 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0511.

In WP Foodbakery plugin for WordPress versions 3.3 and prior a critical severity vulnerability CVE-2025-0180 was detected. This vulnerability allows attackers to gain administrator access to a WordPress site by exploiting a flaw in the WP Foodbakery plugin, enabling them to register as an admin without authentication. This vulnerability remains unresolved at this time. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2025-0180.

In Tripetto plugin for WordPress versions up to 8.0.8 a medium severity vulnerability CVE-2024-13829 was detected. This vulnerability allows unauthenticated attackers to extract sensitive data, including files uploaded via forms, through the ‘attachments.php’ file. To address this issue, users must upgrade to Tripetto version 8.0.9 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13829.

In WooCommerce Wishlist versions before 1.8.8 a high severity vulnerability CVE-2024-13694 was detected. This vulnerability allows unauthenticated attackers to extract data from wishlists they should not have access to, due to missing validation on a user-controlled key in the download_pdf_file() function. To address this issue, users should upgrade to version 1.8.8 or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-13694.

In Sensei LMS WordPress plugin versions 4.24.3 and prior a medium severity vulnerability CVE-2025-0466 was detected. This vulnerability allows attackers to leak `sensei_email` and `sensei_message` information due to improper protection of some REST API routes. To address this issue, users should upgrade Sensei LMS plugin to version 4.24.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0466.

In ShopSite plugin for WordPress versions 1.5.10 and prior a high severity vulnerability CVE-2024-13510 was detected. This vulnerability allows attackers to update settings and inject malicious web scripts via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link. To address this issue, users should upgrade ShopSite plugin to version 1.5.11. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13510.

In Qi Addons For Elementor plugin for WordPress versions 1.8.7 and prior a medium severity vulnerability CVE-2024-13699 was detected. This vulnerability allows authenticated users with Contributor-level access and above to inject arbitrary web scripts via the ‘cursor’ parameter, leading to Stored Cross-Site Scripting (XSS) that executes whenever a user accesses an injected page. To address this issue, users should upgrade Qi Addons For Elementor plugin to version 1.8.8 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13699.

In Custom Related Posts plugin for WordPress versions 1.7.3 and prior a medium severity vulnerability CVE-2024-12825 was detected. This vulnerability allows attackers with Subscriber-level access and above to search posts and modify link/unlink relations due to missing capability checks on three AJAX actions. To address this issue, users should upgrade Custom Related Posts plugin to version 1.7.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12825.