In WP DataTable plugin for WordPress versions 0.2.6 and prior a medium severity vulnerability CVE-2024-13566 was detected. This vulnerability allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts via the ‘id’ parameter, leading to Stored Cross-Site Scripting. To address this issue, users should upgrade WP DataTable plugin to version 0.2.7 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13566.
Read more CMS Business and Enterprise SolutionsIn WP Image Uploader plugin for WordPress versions 1.0.1 and prior a high severity vulnerability CVE-2024-13720 was detected. This vulnerability allows unauthenticated attackers to delete arbitrary files on the server due to insufficient file path validation in the `gky_image_uploader_main_function()` function, potentially leading to remote code execution if critical files, such as`wp-config.php`, are deleted. To address this issue, users should upgrade to a patched version once available. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13720.
Read more CMS Business and Enterprise SolutionsIn StageShow plugin for WordPress versions 9.8.6 and prior a medium severity vulnerability CVE-2024-13705 was detected. This vulnerability allows unauthenticated attackers to inject arbitrary web scripts via improper escaping in the `remove_query_arg` function, potentially executing scripts when a user clicks on a malicious link. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13705.
Read more CMS Business and Enterprise SolutionsIn Elementor Website Builder Pro plugin for WordPress versions 3.25.10 and prior a medium severity vulnerability CVE-2024-8494 was detected. This vulnerability allows authenticated attackers with Contributor-level access and above to extract sensitive data, including the content of Private, Pending, and Draft Templates, via the `elementor-template` shortcode. To address this issue, users should upgrade Elementor Website Builder Pro plugin to version 3.25.11 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8494.
Read more CMSIn Target Video Easy Publish plugin for WordPress versions up to and including 3.8.3 a medium severity vulnerability CVE-2024-13561 was detected. This vulnerability allows attackers to inject arbitrary web scripts via the brid_override_yt shortcode, leading to stored cross-site scripting (XSS). To address this issue, users should upgrade Target Video Easy Publish plugin for WordPress to version 3.8.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13561.
Read more CMSIn Competition Form plugin for WordPress versions 2.0 and prior a medium severity vulnerability CVE-2024-12749 was detected. This vulnerability allows attackers to execute reflected cross-site scripting (XSS) attacks, which could target high-privilege users such as administrators. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12749.
Read more CMSIn ElementsKit Pro plugin for WordPress versions 3.7.8 and prior a medium severity vulnerability CVE-2025-0321 was detected. This vulnerability allows attackers with Contributor-level access and above to inject malicious web scripts via the ‘url’ parameter, leading to DOM-based stored cross-site scripting (XSS). To address this issue, users should upgrade ElementsKit Pro plugin to version 3.7.9 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0321.
Read more CMSIn MailUp Auto Subscription plugin for WordPress versions 1.1.0 and prior a medium severity vulnerability CVE-2024-13521 was detected. This vulnerability allows unauthenticated attackers to perform cross-site request forgery (CSRF) attacks, enabling them to update settings and inject malicious web scripts by tricking a site administrator into clicking a link. To address this issue, users should upgrade MailUp Auto Subscription plugin to version 1.2.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13521.
Read more CMSIn ThemeREX Addons plugin for WordPress versions 2.32.3 and prior a critical severity vulnerability CVE-2024-13448 was detected. This vulnerability allows unauthenticated attackers to upload arbitrary files to the affected site’s server, potentially enabling remote code execution. To address this issue, users should upgrade ThemeREX Addons plugin to version 2.34.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13448.
Read more CMS