In MemorialDay plugin for WordPress versions 1.0.4 and prior a medium severity vulnerability CVE-2024-13523 was detected. This vulnerability allows unauthenticated attackers to update settings and inject malicious scripts via a forged request if they can trick an administrator into clicking a link. To address this issue, users should upgrade MemorialDay plugin to version 1.1.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13523.
Read more CMS Newsflash Business and Enterprise SolutionsIn Threepress plugin for WordPress versions 1.7.1 and prior a medium severity vulnerability CVE-2024-13395 was detected. This vulnerability allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts via the ‘threepress’ shortcode, which execute whenever a user accesses an injected page. To address this issue, users should upgrade Threepress plugin to version 1.7.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13395.
Read more CMS Newsflash Business and Enterprise SolutionsIn FormCraft plugin for WordPress versions 3.9.11 and prior a medium severity vulnerability CVE-2024-13783 was detected. This vulnerability allows authenticated attackers with Subscriber-level access and above to export all plugin data, potentially exposing sensitive form submissions. To address this issue, users should upgrade FormCraft plugin to version 3.9.12. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13783.
Read more CMS Newsflash Business and Enterprise SolutionsIn Post SMTP plugin for WordPress versions 3.0.2 and prior a high severity vulnerability CVE-2025-0521 was detected. This vulnerability allows unauthenticated attackers to inject arbitrary web scripts via the ‘from’ and ‘subject’ parameters, which execute whenever a user accesses an injected page. To address this issue, users should upgrade Post SMTP plugin to version 3.1.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0521.
Read more CMS Newsflash Business and Enterprise SolutionsIn Brizy – Page Builder plugin for WordPress versions 2.6.8 and prior a medium severity vulnerability CVE-2024-10322 was detected. This vulnerability allows authenticated attackers with Author-level access and above to exploit insufficient input sanitization and output escaping via REST API SVG file uploads, potentially resulting in stored Cross-Site Scripting (XSS) attacks that inject arbitrary web scripts, which execute whenever a user accesses the SVG file. To address this issue, users should upgrade Brizy – Page Builder plugin to version 2.6.9 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-10322.
Read more Newsflash Business and Enterprise SolutionsIn Welcart e-Commerce plugin for WordPress versions 2.11.9 and prior a high severity vulnerability CVE-2025-0511 was detected. This vulnerability allows attackers to exploit insufficient input sanitization and output escaping via the ‘name’ parameter, enabling unauthenticated attackers to inject arbitrary web scripts in pages, which will execute whenever a user accesses an injected page. To address this issue, users should upgrade Welcart e-Commerce plugin to version 2.11.10 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0511.
Read more Newsflash Business and Enterprise SolutionsIn Prestashop versions 8.1.7 a medium severity vulnerability CVE-2025-1230 was detected. This vulnerability allows attackers to exploit a Stored Cross-Site Scripting (XSS) flaw due to the lack of proper validation of user input through ‘/
In WP Foodbakery plugin for WordPress versions 3.3 and prior a critical severity vulnerability CVE-2025-0180 was detected. This vulnerability allows attackers to gain administrator access to a WordPress site by exploiting a flaw in the WP Foodbakery plugin, enabling them to register as an admin without authentication. This vulnerability remains unresolved at this time. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2025-0180.
Read more CMS Newsflash Business and Enterprise SolutionsIn Tripetto plugin for WordPress versions up to 8.0.8 a medium severity vulnerability CVE-2024-13829 was detected. This vulnerability allows unauthenticated attackers to extract sensitive data, including files uploaded via forms, through the ‘attachments.php’ file. To address this issue, users must upgrade to Tripetto version 8.0.9 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13829.
Read more CMS