Proactive Insights and Support For Open-Source Applications
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
Book a demo
Book a demo
  • Applications
  • Platform
  • Support
  • Resources
    • 2025 OSS Research
    • FAQ
    • Newsflash
    • OSSpedia
    • How-to Guides
    • Case Studies
    • Articles
  • Company
    • About Us
    • The OSS in Hossted
  • Contact
  • Home
  • Knowledge Base
  • Newsflash
  • Business and Enterprise Solutions

Business and Enterprise Solutions

All OSSpediaArticlesHow ToNewsflashCase Studies
Don't Miss out!
Join our newsletter for exclusive updates on open source innovations.

    Selected category
    • Communication
      • Communication
    • Communication and Collaboration
      • Utility
      • Communication and Collaboration
      • Communication
    • Specialized Software
      • Educational
      • Graphic Design
    • Business and Enterprise Solutions
      • Customer Service
      • Productivity
      • Supply Chain Management (SCM)
      • CRM
      • E-commerce
      • CMS
      • Marketing Automation
      • ERP
    • Project and Agile Management
      • Project Management
      • IT Business Management
    • Infrastructure and Network
      • CMS
      • Networking
      • Storage
      • Security
    • DevOps
      • DevOps
      • Mobile App Development
      • Backup and Recovery
      • Data Analytics
      • Web Development
      • Developer Stacks
      • Cloud Computing
      • Monitoring
      • Application Development
      • Developer Tools
    • Data Management and Analytics
      • Communication
      • Application Development
      • Analytics
      • Machine Learning
      • Database
      • Data Analytics
    14 Jan 2025 Business and Enterprise Solutions
    MonicaHQ: Client-Side Injection Vulnerability in General Information Module

    In MonicaHQ version 4.1.2 a medium severity vulnerability CVE-2024-54999 was detected. This vulnerability allows attackers to exploit a Client-Side Injection via the `last_name` parameter in the General Information module. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-54999.

    Read more
    CRM
    14 Jan 2025 Business and Enterprise Solutions
    MonicaHQ: Authenticated Client-Side Injection Vulnerability in Journal Entry Editing

    In MonicaHQ version 4.1.1 a medium severity vulnerability CVE-2024-54997 was detected. This vulnerability allows attackers to exploit an authenticated Client-Side Injection via the `entry` text field at `/journal/entries/ID/edit`. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-54997.

    Read more
    CRM
    13 Jan 2025 Business and Enterprise Solutions
    Drupal: Node Access Rebuild Progressive Vulnerability

    In Drupal Node Access Rebuild Progressive versions from 7.X-1.0 to before 7.X-1.2 a medium severity vulnerability CVE-2024-13249 was detected. This vulnerability allows attackers to influence target behavior via framing. To address this issue, users should upgrade Node Access Rebuild Progressive to version 7.X-1.2 or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-13249.

    Read more
    CMS
    11 Jan 2025 Business and Enterprise Solutions
    WordPress: Arbitrary File Creation Vulnerability in WebinarPress Plugin

    In WordPress Webinar Plugin – WebinarPress versions up to 1.33.24 a high severity vulnerability CVE-2024-11270 was detected. This vulnerability allows authenticated attackers with subscriber-level access or higher to create arbitrary files via the ‘sync-import-imgs’ function, leading to potential remote code execution. To address this issue, users should upgrade to version 1.33.25 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11270.

    Read more
    CMS
    11 Jan 2025 Business and Enterprise Solutions
    Woocommerce: Unauthorized Data Modification Vulnerability in MIMO Woocommerce Order Tracking Plugin

    In MIMO Woocommerce Order Tracking Plugin versions up to 1.0.2 a medium severity vulnerability CVE-2024-5769 was detected. This vulnerability allows authenticated attackers with Subscriber-level access or higher to modify shipper tracking settings due to missing capability checks on several functions. There is no patched version available at this time. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-5769.

    Read more
    E-commerce
    11 Jan 2025 Business and Enterprise Solutions
    WooCommerce: Unauthorized Gift Card Balance Modification Vulnerability in Ultimate Gift Cards Plugin

    In Ultimate Gift Cards for WooCommerce Plugin versions up to 2.9.1 a high severity vulnerability CVE-2024-11423 was detected. This vulnerability allows unauthenticated attackers to modify gift card balances via several REST API endpoints, such as /wp-json/gifting/recharge-giftcard, without making a payment or purchasing anything. To address this issue, users should upgrade to version 2.9.2 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11423.

    Read more
    E-commerce
    11 Jan 2025 Business and Enterprise Solutions
    WooCommerce: Reflected Cross-Site Scripting Vulnerability in Shipping via Planzer Plugin

    In Shipping via Planzer for WooCommerce Plugin versions up to 1.0.25 a medium severity vulnerability CVE-2024-12337 was detected. This vulnerability allows unauthenticated attackers to inject arbitrary web scripts via the ‘processed-ids’ parameter due to insufficient input sanitization and output escaping. To address this issue, users should upgrade to version 1.0.26 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12337.

    Read more
    E-commerce
    10 Jan 2025 Business and Enterprise Solutions
    WordPress: Remote Code Execution via ‘wfu_ABSPATH’ Cookie Parameter in File Upload Plugin

    In WordPress File Upload plugin versions up to 4.24.12 a critical severity vulnerability CVE-2024-11635 was detected. This vulnerability allows unauthenticated attackers to execute remote code via the ‘wfu_ABSPATH’ cookie parameter. To address this issue, users must upgrade to WordPress File Upload plugin version 4.24.14 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11635.

    Read more
    CMS
    10 Jan 2025 Business and Enterprise Solutions
    WordPress: Cross-Site Request Forgery (CSRF) Vulnerability in Header Builder Plugin

    In WordPress Header Builder Plugin – Pearl versions up to 1.3.8 a medium severity vulnerability CVE-2024-12206 was detected. It allows attackers to delete headers by tricking admins into clicking malicious links. To address this issue, users should upgrade to version 1.3.9 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12206.

    Read more
    CMS
    Proactive Insights and Support For Open-Source Applications
    Contact us: Whatsapp
    Company
    • About Hossted
    • Data Processing Addendum
    Solutions
    • Applications
    • Support Plans
    • About Solution
    Resources
    • FAQ
    • Knowledge Base

    © HOSSTED 2026 All rights reserved

    • Privacy Policy
    • Terms and Conditions
    • Cookies Policy
    Cookie Settings

    We use cookies to measure marketing efforts and improve our services. Please review the cookie settings and confirm your choice.

    Functional Always active
    The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
    Preferences
    The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
    Statistics
    The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
    Marketing
    The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
    • Manage options
    • Manage services
    • Manage {vendor_count} vendors
    • Read more about these purposes
    View preferences
    • {title}
    • {title}
    • {title}