In YouTube Embed plugin for WordPress versions up to and including 10.3 a medium severity vulnerability CVE-2025-6692 was detected. This vulnerability lets logged-in users with Contributor access or higher add malicious code to pages. The code runs when someone opens the page. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2025/cve-2025-6692.
Read more CMS
In Sky Addons for Elementor plugin for WordPress versions up to and including 3.1.4 a medium severity vulnerability CVE-2025-8216 was detected. This bug lets logged-in users with Contributor access or higher add dangerous code to pages using widgets. The code runs when someone opens the page. To address this issue, users should update Sky Addons for Elementor plugin to version 3.2.0 or later. For more details, visit https://avd.aquasec.com/nvd/2025/cve-2025-8216.
Read more CMS
In the Station Pro plugin for WordPress versions up to and including 2.4.2 a medium severity vulnerability CVE-2025-7959 was detected. This vulnerability allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts via the ‘width’ and ‘height’ parameters due to insufficient input sanitization and output escaping. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-7959.
Read more CMS
In the Sky Addons for Elementor plugin for WordPress versions up to and including 3.1.4 a medium severity vulnerability CVE-2025-8216 was detected. This vulnerability allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts via multiple widgets due to insufficient input sanitization and output escaping on user-supplied attributes. To address this issue, users should update the Sky Addons for Elementor plugin to versions 3.2.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-8216.
Read more Developer Tools
In the Memory Usage plugin for WordPress versions up to and including 3.98 a medium severity vulnerability CVE-2025-8104 was detected. This vulnerability allows unauthenticated attackers to silently install one of several whitelisted plugins via a forged request, due to missing nonce validation in the wpmemory_install_plugin() function. To address this issue, users should update the Memory Usage plugin to versions 3.99 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-8104.
Read more CMS
In the WoodMart theme for WordPress versions up to and including 8.2.6 a medium severity vulnerability CVE-2025-8097 was detected. This vulnerability allows unauthenticated attackers to manipulate cart quantities using fractional values via the qty parameter in the woodmart_update_cart_item function, where insufficient input validation enables setting extremely small quantities (e.g., 0.00001) that round the cart total to $0.00, resulting in unauthorized acquisition of virtual or downloadable products. To address this issue, users should update the WoodMart theme to versions 8.2.7 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-8097.
Read more CMS
In GitLab Language Server versions from 7.6.0 up to but not including 7.30.0 a high severity vulnerability CVE-2025-8279 was detected. This vulnerability allows unauthorized attackers to execute arbitrary GraphQL queries due to missing authentication for a critical function and insufficient input validation. To address this issue, users should upgrade GitLab Language Server to version 7.30.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-8279.
Read more CMS
In Apache HTTP Server version 2.4.64 a medium severity vulnerability CVE-2025-54090 was discovered. This vulnerability causes all RewriteCond expr … conditions to be incorrectly evaluated as true, potentially disrupting expected functionality and allowing unintended access due to misinterpreted conditions. To address this issue, users should update Apache HTTP Server to version 2.4.65. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-54090.
Read more Application Development
In Apache Tomcat versions 11.0.0-M1 through 11.0.8, 10.1.0-M1 through 10.1.42 and 9.0.0.M1 through 9.0.106 a low severity vulnerability CVE-2025-52520 was identified. This Integer Overflow vulnerability, triggered under specific and unlikely multipart upload configurations, could allow an attacker to bypass configured size limits and cause a Denial of Service (DoS). To address this issue, users should upgrade to versions 11.0.9, 10.1.43 or 9.0.107. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-52520.
Read more Application Development