Book a demo

Our news and updates

Choose category
21 May 2025 Communication and Collaboration
Mattermost: Unauthorized Access via Improper Restriction in ExperimentalSettings

In Mattermost versions 10.5.x ≤ 10.5.3 and 9.11.x ≤ 9.11.11 a low severity vulnerability CVE-2025-2570 was detected. This vulnerability allows a System Manager to access `ExperimentalSettings` via the System Console even when the `RestrictSystemAdmin` setting is true, due to improper access control. To address this issue, users should upgrade Mattermost to versions above 10.5.3 or 9.11.11. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2570.

 Read more Communication
21 May 2025 Business and Enterprise Solutions
WordPress: Reflected XSS via Unsanitized Parameter in AffiliateImporterEb Plugin

In AffiliateImporterEb plugin for WordPress versions through 1.0.6 a high severity vulnerability CVE-2024-12733 was detected. This vulnerability allows attackers to perform Reflected Cross-Site Scripting (XSS) attacks, which could be exploited against high privilege users such as administrators. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12733.

 Read more CMS
20 May 2025 DevOps
LibreNMS: Stored XSS via Group Name Parameter in Poller Groups Form

In LibreNMS versions up to and including 25.4.0 a low severity vulnerability CVE-2025-47931 was detected. This vulnerability allows attackers to inject malicious scripts via the group name parameter in the /poller/groups form, potentially executing those scripts when viewed by other users. To address this issue, users should upgrade LibreNMS to version 25.5.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-47931.

 Read more Monitoring
20 May 2025 Data Management and Analytics
Pgpool-II: Authentication Bypass Enables Unauthorized Access

In Pgpool-II versions 4.0 and 4.1 series, 4.2.0 to 4.2.21, 4.3.0 to 4.3.14, 4.4.0 to 4.4.11, 4.5.0 to 4.5.6 and 4.6.0 a critical severity vulnerability CVE-2025-46801 was detected. This vulnerability allows attackers to bypass authentication and log in as arbitrary users, enabling them to read, modify, or disable data in the connected database. To address this issue, users should upgrade Pgpool-II to versions 4.6.1, 4.5.7, 4.4.12, 4.3.15, 4.2.22 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-46801.

 Read more Database
20 May 2025 Business and Enterprise Solutions
WordPress: Stored XSS via Countdown Block Options in Qi Blocks Plugin

In the Qi Blocks WordPress plugin versions prior to 1.4 a medium severity vulnerability CVE-2025-1626 was detected. This vulnerability allows authenticated users with Contributor-level access and above to perform Stored Cross-Site Scripting (XSS) attacks due to insufficient validation and escaping of Countdown block options before rendering them in a page or post. To address this issue, users should upgrade the Qi Blocks WordPress plugin to version 1.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1626.

 Read more CMS
20 May 2025 Business and Enterprise Solutions
WordPress: Privilege Escalation via Password Reset in Motors Theme

In the Motors theme for WordPress versions up to and including 5.6.67 a critical severity vulnerability CVE-2025-4322 was detected. This vulnerability allows unauthenticated attackers to escalate privileges by taking over user accounts, including administrator accounts, through improper identity validation during password updates. To address this issue, users should upgrade the Motors theme to versions 5.6.68 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-4322.

 Read more CMS
20 May 2025 Business and Enterprise Solutions
WordPress: Stored XSS via Unsanitized Settings in Ninja Forms Plugin

In the Ninja Forms WordPress plugin versions prior to 3.10.1 a low severity vulnerability CVE-2025-2524 was detected. This vulnerability allows high privilege users, such as administrators, to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (e.g., in a multisite setup), due to insufficient sanitization and escaping of plugin settings. To address this issue, users should upgrade the Ninja Forms WordPress plugin to version 3.10.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2524.

 Read more CMS
19 May 2025 Business and Enterprise Solutions
WordPress: Sensitive Information Exposure via Insecure Uploads Directory in Wise Chat Plugin

In Wise Chat plugin for WordPress versions up to and including 3.3.3 a high severity vulnerability CVE-2024-13613 was detected. This vulnerability allows unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads directory, potentially exposing file attachments from chat messages. To address this issue, users should upgrade Wise Chat plugin to versions 3.3.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13613.

 Read more CMS
19 May 2025 Communication and Collaboration
Zulip: Channel Creation Access Control Bypass via Privacy Setting Manipulation

In Zulip versions 10.0 to before 10.3 a medium severity vulnerability CVE-2025-47930 was detected. This vulnerability allows attackers to bypass the “Who can create public channels” access control by creating a private or web-public channel and then changing its privacy setting to public. Similarly, private channels can be created without proper permissions using the API or by altering HTML. To address this issue, users should upgrade Zulip to version 10.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-47930.

 Read more Communication