In WooCommerce Wishlist versions before 1.8.8 a high severity vulnerability CVE-2024-13694 was detected. This vulnerability allows unauthenticated attackers to extract data from wishlists they should not have access to, due to missing validation on a user-controlled key in the download_pdf_file() function. To address this issue, users should upgrade to version 1.8.8 or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-13694.
Read more E-commerceIn Sensei LMS WordPress plugin versions 4.24.3 and prior a medium severity vulnerability CVE-2025-0466 was detected. This vulnerability allows attackers to leak `sensei_email` and `sensei_message` information due to improper protection of some REST API routes. To address this issue, users should upgrade Sensei LMS plugin to version 4.24.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0466.
Read more CMS Business and Enterprise SolutionsIn ShopSite plugin for WordPress versions 1.5.10 and prior a high severity vulnerability CVE-2024-13510 was detected. This vulnerability allows attackers to update settings and inject malicious web scripts via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link. To address this issue, users should upgrade ShopSite plugin to version 1.5.11. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13510.
Read more CMS Business and Enterprise SolutionsIn Qi Addons For Elementor plugin for WordPress versions 1.8.7 and prior a medium severity vulnerability CVE-2024-13699 was detected. This vulnerability allows authenticated users with Contributor-level access and above to inject arbitrary web scripts via the ‘cursor’ parameter, leading to Stored Cross-Site Scripting (XSS) that executes whenever a user accesses an injected page. To address this issue, users should upgrade Qi Addons For Elementor plugin to version 1.8.8 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13699.
In Custom Related Posts plugin for WordPress versions 1.7.3 and prior a medium severity vulnerability CVE-2024-12825 was detected. This vulnerability allows attackers with Subscriber-level access and above to search posts and modify link/unlink relations due to missing capability checks on three AJAX actions. To address this issue, users should upgrade Custom Related Posts plugin to version 1.7.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12825.
Read more CMS Business and Enterprise SolutionsIn Jupiter X Core plugin for WordPress versions 4.8.7 and prior a medium severity vulnerability CVE-2025-0365 was detected. This vulnerability allows attackers with Contributor-level access and above to read the contents of arbitrary files on the server via the inline SVG feature, potentially exposing sensitive information. To address this issue, users should upgrade Jupiter X Core plugin to version 4.8.8 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0365.
Read more CMS Business and Enterprise SolutionsIn WP Finance plugin for WordPress versions 1.3.6 and prior a high severity vulnerability CVE-2024-13097 was detected. This vulnerability allows attackers to execute malicious scripts via a Reflected Cross-Site Scripting (XSS) attack, potentially targeting high-privilege users such as admins. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13097.
Read more CMS Business and Enterprise SolutionsIn MagicForm plugin for WordPress versions 1.6.2 and prior a medium severity vulnerability CVE-2025-0939 was detected. This vulnerability allows authenticated attackers, with Subscriber-level access and above, to delete or view logs, modify forms, or change plugin settings due to missing capability checks on AJAX actions. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0939.
Read more CMS Business and Enterprise SolutionsIn The AI Infographic Maker plugin for WordPress versions 4.9.0 and prior a medium severity vulnerability CVE-2024-12415 was detected. This vulnerability allows unauthenticated attackers to execute arbitrary shortcodes due to improper validation of values before running do_shortcode. To address this issue, users should upgrade The AI Infographic Maker plugin to version 5.0.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12415.
Read more CMS Business and Enterprise Solutions