In ElementsKit Pro plugin for WordPress versions 3.7.8 and prior a medium severity vulnerability CVE-2025-0321 was detected. This vulnerability allows attackers with Contributor-level access and above to inject malicious web scripts via the ‘url’ parameter, leading to DOM-based stored cross-site scripting (XSS). To address this issue, users should upgrade ElementsKit Pro plugin to version 3.7.9 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0321.
Read more CMS
In MailUp Auto Subscription plugin for WordPress versions 1.1.0 and prior a medium severity vulnerability CVE-2024-13521 was detected. This vulnerability allows unauthenticated attackers to perform cross-site request forgery (CSRF) attacks, enabling them to update settings and inject malicious web scripts by tricking a site administrator into clicking a link. To address this issue, users should upgrade MailUp Auto Subscription plugin to version 1.2.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13521.
Read more CMS
In ThemeREX Addons plugin for WordPress versions 2.32.3 and prior a critical severity vulnerability CVE-2024-13448 was detected. This vulnerability allows unauthenticated attackers to upload arbitrary files to the affected site’s server, potentially enabling remote code execution. To address this issue, users should upgrade ThemeREX Addons plugin to version 2.34.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13448.
Read more CMS
In Target Video Easy Publish plugin for WordPress versions up to and including 3.8.3 a medium severity vulnerability CVE-2024-13561 was detected. This vulnerability allows attackers to inject arbitrary web scripts via the brid_override_yt shortcode, leading to stored cross-site scripting (XSS). To address this issue, users should upgrade Target Video Easy Publish plugin for WordPress to version 3.8.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13561.
Read more CMS
In WooCommerce PDF Invoices, Packing Slips, Delivery Notes, and Shipping Labels plugin versions 4.7.1 and prior a medium severity vulnerability CVE-2025-24644 was detected. This vulnerability allows attackers to execute a stored cross-site scripting (XSS) attack due to improper neutralization of input during web page generation. To address this issue, users should update the WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin to version 4.7.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-24644.
Read more E-commerce
In WC Product Table WooCommerce Product Table Lite versions 3.8.7 and prior a medium severity vulnerability CVE-2025-24596 was detected. This vulnerability allows attackers to exploit incorrectly configured access control security levels, leading to unauthorized actions. To address this issue, users should upgrade WordPress WooCommerce Product Table Lite wordpress plugin to a version 3.9.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-24596.
Read more E-commerce
In Dolibarr version 21.0.0-beta a medium severity vulnerability CVE-2024-55228 was detected. This vulnerability allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Title parameter of the Product module. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-55228.
Read more ERP
In Umbraco versions from 14.0.0 before 14.3.2 and from 15.0.0 before 15.1.2 a medium severity vulnerability CVE-2025-24012 was detected. This vulnerability allows attackers to exploit cross-site scripting (XSS) when viewing certain localized backoffice components. To address this issue, users should upgrade Umbraco to versions 14.3.2 or 15.1.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-24012.
Read more CMS
In Umbraco version 14.3.1 a medium severity vulnerability CVE-2024-55488 was detected. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload, resulting in stored cross-site scripting (XSS). Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-55488.
Read more CMS