Proactive Insights and Support For Open-Source Applications
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
Book a demo
Book a demo
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
  • Home
  • Knowledge Base
  • Newsflash
  • Business and Enterprise Solutions

Business and Enterprise Solutions

All OSSpediaArticlesHow ToNewsflashCase Studies
Don't Miss out!
Join our newsletter for exclusive updates on open source innovations.

    Selected category
    • Communication
      • Communication
    • Communication and Collaboration
      • Utility
      • Communication and Collaboration
      • Communication
    • Specialized Software
      • Educational
      • Graphic Design
    • Business and Enterprise Solutions
      • Customer Service
      • Productivity
      • Supply Chain Management (SCM)
      • CRM
      • E-commerce
      • CMS
      • Marketing Automation
      • ERP
    • Project and Agile Management
      • Project Management
      • IT Business Management
    • Infrastructure and Network
      • CMS
      • Networking
      • Storage
      • Security
    • DevOps
      • DevOps
      • Mobile App Development
      • Backup and Recovery
      • Data Analytics
      • Web Development
      • Developer Stacks
      • Cloud Computing
      • Monitoring
      • Application Development
      • Developer Tools
    • Data Management and Analytics
      • Communication
      • Application Development
      • Analytics
      • Machine Learning
      • Database
      • Data Analytics
    5 Feb 2026 Business and Enterprise Solutions
    Dolibarr: Persistent Cross-Site Scripting in LDAP Synchronization

    In Dolibarr versions up to and including 11.0.3 a medium severity vulnerability CVE-2020-36966 was detected. This vulnerability allows attackers to inject malicious scripts via the LDAP synchronization settings, specifically through the `host`, `slave`, and `port` parameters in `/dolibarr/admin/ldap.php`, potentially enabling arbitrary JavaScript execution and theft of user cookie information. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2020-36966.

    Read more
    ERP
    28 Jan 2026 Business and Enterprise Solutions
    WordPress: Missing Authorization Vulnerability in Simple Calendar for Elementor Plugin

    In the Simple Calendar for Elementor plugin for WordPress versions up to and including 1.6.6 a medium severity vulnerability CVE-2026-1310 was detected. This vulnerability allows unauthenticated attackers to delete arbitrary calendar entries due to missing capability checks on the miga_ajax_editor_cal_delete function, which is hooked to the miga_editor_cal_delete AJAX action with both authenticated and unauthenticated access enabled. To address this issue, users should upgrade Simple Calendar for Elementor plugin to version 1.6.7 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1310.

    Read more
    CMS
    28 Jan 2026 Business and Enterprise Solutions
    WordPress: Missing Authorization Vulnerability in Easy Replace Image Plugin

    In the Easy Replace Image plugin for WordPress versions up to and including 3.5.2 a medium severity vulnerability CVE-2026-1298 was detected. This vulnerability allows authenticated attackers with Contributor-level access and above to replace arbitrary image attachments on the site via the image_replacement_from_url function, which is hooked to the eri_from_url AJAX action, due to missing capability checks. To address this issue, users should upgrade Easy Replace Image plugin to version 3.5.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1298.

    Read more
    CMS
    28 Jan 2026 Business and Enterprise Solutions
    WordPress: Unauthorized File Sharing Vulnerability in Frontend File Manager Plugin

    In the Frontend File Manager plugin for WordPress versions up to and including 23.5 a high severity vulnerability CVE-2026-1280 was detected. This vulnerability allows unauthenticated attackers to share arbitrary uploaded files via email and enumerate all uploaded files on the site – potentially exfiltrating sensitive administrator-only data – due to a missing capability check on the wpfm_send_file_in_email AJAX action and the use of sequential file IDs. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1280.

    Read more
    CMS
    28 Jan 2026 Business and Enterprise Solutions
    WordPress: Missing Authorization Vulnerability in RegistrationMagic Plugin

    In the RegistrationMagic plugin for WordPress versions up to and including 6.0.7.4 a medium severity vulnerability CVE-2026-1054 was detected. This vulnerability allows unauthenticated attackers to modify arbitrary plugin settings, including reCAPTCHA keys, security settings, and frontend menu titles, due to missing nonce verification and capability checks on the rm_set_otp AJAX action handler. To address this issue, users should upgrade RegistrationMagic plugin to version 6.0.7.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1054.

    Read more
    CMS
    28 Jan 2026 Business and Enterprise Solutions
    WordPress: Arbitrary File Deletion Vulnerability in Snow Monkey Forms Plugin

    In the Snow Monkey Forms plugin for WordPress versions up to and including 12.0.3 a critical severity vulnerability CVE-2026-1056 was detected. This vulnerability allows unauthenticated attackers to delete arbitrary files on the server due to insufficient file path validation in the generate_user_dirpath function. To address this issue, users should upgrade Snow Monkey Forms plugin to version 12.0.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1056.

    Read more
    CMS
    27 Jan 2026 Business and Enterprise Solutions
    WordPress: Cross-Site Request Forgery (CSRF) Vulnerability in imwptip Plugin

    In the imwptip plugin for WordPress versions up to and including 1.1 a medium severity vulnerability CVE-2026-1377 was detected. This vulnerability allows unauthenticated attackers to update the plugin’s settings via a forged request due to missing nonce validation on the settings update functionality. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1377.

    Read more
    CMS
    27 Jan 2026 Business and Enterprise Solutions
    WordPress: Cross-Site Request Forgery (CSRF) Vulnerability in Change WP URL Plugin

    In the Change WP URL plugin for WordPress versions up to and including 1.0 a medium severity vulnerability CVE-2026-1398 was detected. This vulnerability allows unauthenticated attackers to change the WordPress login URL via a forged request due to missing or incorrect nonce validation on the change-wp-url page. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1398.

    Read more
    CMS
    27 Jan 2026 Business and Enterprise Solutions
    WordPress: Reflected XSS Vulnerability in Vzaar Media Management Plugin

    In the Vzaar Media Management plugin for WordPress versions up to and including 1.2 a medium severity vulnerability CVE-2026-1391 was detected. This vulnerability allows unauthenticated attackers to inject arbitrary web scripts via a Reflected Cross-Site Scripting (XSS) attack due to insufficient input sanitization and output escaping on the $_SERVER[‘PHP_SELF’] variable. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2026-1391.

    Read more
    CMS
    Proactive Insights and Support For Open-Source Applications
    Contact us: Whatsapp
    Company
    • About Hossted
    • Data Processing Addendum
    Solutions
    • Applications
    • Support Plans
    • About Solution
    Resources
    • FAQ
    • Knowledge Base

    © HOSSTED 2026 All rights reserved

    • Privacy Policy
    • Terms and Conditions
    • Cookies Policy
    Cookie Settings

    We use cookies to measure marketing efforts and improve our services. Please review the cookie settings and confirm your choice.

    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}