Get Started

Our news and updates

Choose category
22 May 2025 Business and Enterprise Solutions
WordPress: Stored XSS via Unescaped Post Titles in Blog2Social Plugin

In Blog2Social: Social Media Auto Post & Scheduler plugin for WordPress versions before 8.4.0 a medium severity vulnerability CVE-2025-4133 was detected. This vulnerability allows users with the Contributor role to perform Cross-Site Scripting (XSS) attacks by injecting malicious scripts into post titles, which are not properly escaped when displayed in the dashboard. To address this issue, users should upgrade Blog2Social: Social Media Auto Post & Scheduler plugin to versions 8.4.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4133.

 Read more CMS
22 May 2025 Business and Enterprise Solutions
WordPress: Reflected XSS via Unsanitized Parameter in ClipArt Plugin

In ClipArt plugin for WordPress versions through 0.2 a high severity vulnerability CVE-2024-12726 was detected. This vulnerability allows attackers to perform Reflected Cross-Site Scripting (XSS) attacks, which could be exploited against high privilege users such as administrators. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12726.

 Read more CMS
22 May 2025 Data Management and Analytics
Grafana: Reflected XSS via Path Traversal and Open Redirect Leading to SSRF

In Grafana versions from 10.4.18+security-01 before 10.4.19, from 11.2.9+security-01 before 11.2.10, from 11.3.6+security-01 before 11.3.7, from 11.4.4+security-01 before 11.4.5, from 11.5.4+security-01 before 11.5.5, from 11.6.1+security-01 before 11.6.2 and from 12.0.0+security-01 before 12.0.1 a high severity vulnerability CVE-2025-4123 was detected. This vulnerability lets attackers redirect users to malicious sites executing JavaScript without editor rights, can cause SSRF with the Image Renderer plugin. To address this issue, users should upgrade Grafana to versions 10.4.18+security-01, 11.2.9+security-01, 11.3.6+security-01, 11.4.4+security-01, 11.5.4+security-01, 11.6.1+security-01 and 12.0.0+security-01. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4123.

 Read more Data Analytics
22 May 2025 Business and Enterprise Solutions
WordPress: Path Traversal Allows Arbitrary Image Access in Hot Random Image Plugin

In Hot Random Image plugin for WordPress versions up to and including 1.9.2 a medium severity vulnerability CVE-2025-4419 was detected. This vulnerability allows authenticated attackers with Contributor-level access and above to exploit a path traversal flaw via the ‘path’ parameter to access arbitrary images with allowed extensions outside the intended directory. To address this issue, users should upgrade Hot Random Image plugin to versions 1.9.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4419.

 Read more CMS
22 May 2025 Business and Enterprise Solutions
WordPress: Stored XSS via ‘link’ Parameter in Hot Random Image Plugin

In Hot Random Image plugin for WordPress versions up to and including 1.9.2 a medium severity vulnerability CVE-2025-4405 was detected. This vulnerability allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts via the ‘link’ parameter due to insufficient input sanitization and output escaping. To address this issue, users should upgrade Hot Random Image plugin to versions 1.9.3 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4405.

 Read more CMS
22 May 2025 Business and Enterprise Solutions
WordPress: Stored XSS via SVG Uploads in MapSVG Plugin

In MapSVG plugin for WordPress versions up to and including 8.6.4 a medium severity vulnerability CVE-2024-9544 was detected. This vulnerability allows authenticated attackers with Contributor-level access and above to upload malicious SVG files that inject arbitrary web scripts, which execute whenever a user accesses the file. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-9544.

 Read more CMS
21 May 2025 Communication and Collaboration
Mattermost: Unauthorized Access via Improper Restriction in ExperimentalSettings

In Mattermost versions 10.5.x ≤ 10.5.3 and 9.11.x ≤ 9.11.11 a low severity vulnerability CVE-2025-2570 was detected. This vulnerability allows a System Manager to access `ExperimentalSettings` via the System Console even when the `RestrictSystemAdmin` setting is true, due to improper access control. To address this issue, users should upgrade Mattermost to versions above 10.5.3 or 9.11.11. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2570.

 Read more Communication
21 May 2025 Business and Enterprise Solutions
WordPress: Reflected XSS via Unsanitized Parameter in AffiliateImporterEb Plugin

In AffiliateImporterEb plugin for WordPress versions through 1.0.6 a high severity vulnerability CVE-2024-12733 was detected. This vulnerability allows attackers to perform Reflected Cross-Site Scripting (XSS) attacks, which could be exploited against high privilege users such as administrators. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12733.

 Read more CMS
20 May 2025 DevOps
LibreNMS: Stored XSS via Group Name Parameter in Poller Groups Form

In LibreNMS versions up to and including 25.4.0 a low severity vulnerability CVE-2025-47931 was detected. This vulnerability allows attackers to inject malicious scripts via the group name parameter in the /poller/groups form, potentially executing those scripts when viewed by other users. To address this issue, users should upgrade LibreNMS to version 25.5.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-47931.

 Read more Monitoring