In Meta Data and Taxonomies Filter plugin for WordPress versions up to and including 1.3.3.6 a medium severity vulnerability CVE-2024-13340 was detected. This vulnerability allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts into pages via the ‘mdf_results_by_ajax’ shortcode, due to insufficient input sanitization and output escaping on user-supplied attributes. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13340.
Read more CMS
In Directus versions prior to 11.2.0 a medium severity vulnerability CVE-2025-24353 was detected. This vulnerability allows attackers to exploit the item sharing feature to specify an arbitrary role, potentially escalating privileges and accessing fields that should otherwise remain hidden. To address this issue, users should upgrade Directus to version 11.2.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-24353.
Read more CMS
In Umbraco versions 14.0.0 up to 14.3.1 and 15.0.0 up to 15.1.1 a medium severity vulnerability CVE-2025-24011 was detected. This vulnerability allows attackers to determine if an account exists by analyzing response codes and timing from the management API. To address this issue, users should upgrade Umbraco to versions 14.3.2 or 15.1.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-24011.
Read more CMS
In SuiteCRM version 7.12.7 a high severity vulnerability CVE-2022-45186 was detected. This vulnerability allows authenticated users to recover arbitrary fields from the database. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2022-45186.
Read more CRM
In MonicaHQ version 4.1.2 a medium severity vulnerability CVE-2024-54999 was detected. This vulnerability allows attackers to exploit a Client-Side Injection via the `last_name` parameter in the General Information module. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-54999.
Read more CRM
In MonicaHQ version 4.1.1 a medium severity vulnerability CVE-2024-54997 was detected. This vulnerability allows attackers to exploit an authenticated Client-Side Injection via the `entry` text field at `/journal/entries/ID/edit`. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-54997.
Read more CRM
In Drupal Node Access Rebuild Progressive versions from 7.X-1.0 to before 7.X-1.2 a medium severity vulnerability CVE-2024-13249 was detected. This vulnerability allows attackers to influence target behavior via framing. To address this issue, users should upgrade Node Access Rebuild Progressive to version 7.X-1.2 or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-13249.
Read more CMS
In WordPress Webinar Plugin – WebinarPress versions up to 1.33.24 a high severity vulnerability CVE-2024-11270 was detected. This vulnerability allows authenticated attackers with subscriber-level access or higher to create arbitrary files via the ‘sync-import-imgs’ function, leading to potential remote code execution. To address this issue, users should upgrade to version 1.33.25 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11270.
Read more CMS
In MIMO Woocommerce Order Tracking Plugin versions up to 1.0.2 a medium severity vulnerability CVE-2024-5769 was detected. This vulnerability allows authenticated attackers with Subscriber-level access or higher to modify shipper tracking settings due to missing capability checks on several functions. There is no patched version available at this time. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-5769.
Read more E-commerce