Book a demo

Our news and updates

Choose category
22 Apr 2025 Infrastructure and Network
Traefik: Path Matchers Vulnerable to Middleware Bypass via Path Traversal

In Traefik versions prior to 2.11.24, 3.3.6 and 3.4.0-rc2 a high severity vulnerability CVE-2025-32431 was detected. This vulnerability allows attackers to bypass middleware chains by exploiting path matchers (PathPrefix, Path, or PathRegex) when a request URL contains `/../`, potentially targeting unintended backends. To address this issue, users should upgrade Traefik to versions 2.11.24, 3.3.6 or 3.4.0-rc2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-32431.

 Read more Security
22 Apr 2025 Business and Enterprise Solutions
WordPress: Unauthenticated Shortcode Execution When WooCommerce is Active in Ocean Extra Plugin

In Ocean Extra plugin for WordPress versions up to and including 2.4.6 a medium severity vulnerability CVE-2025-3472 was detected. This vulnerability allows unauthenticated attackers to execute arbitrary shortcodes due to improper validation before calling do_shortcode, when WooCommerce is also installed and active. To address this issue, users should upgrade Ocean Extra plugin to versions 2.4.7 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3472.

 Read more CMS
22 Apr 2025 Business and Enterprise Solutions
WordPress: Stored XSS via Gallery ID Parameter with Classic Editor in Ocean Extra Plugin

In Ocean Extra plugin for WordPress versions up to and including 2.4.6 a medium severity vulnerability CVE-2025-3458 was detected. This vulnerability allows authenticated attackers with Contributor-level access or higher to inject arbitrary web scripts via the ocean_gallery_id parameter due to insufficient input sanitization and output escaping. To address this issue, users should upgrade Ocean Extra plugin to versions 2.4.7 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3458.

 Read more CMS
22 Apr 2025 Business and Enterprise Solutions
WordPress: Sensitive Data Exposure via WordPress Search in MemberPress Plugin

In MemberPress plugin for WordPress versions up to and including 1.11.37 a medium severity vulnerability CVE-2024-11299 was detected. This vulnerability allows unauthenticated attackers to extract sensitive information from restricted posts via the WordPress core search feature. To address this issue, users should upgrade MemberPress plugin to versions 1.12.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11299.

 Read more CMS
22 Apr 2025 Business and Enterprise Solutions
WordPress: Stored XSS via Preview Data Function in WP Import Export Lite Plugin

In WP Import Export Lite plugin for WordPress versions up to and including 3.9.27 a medium severity vulnerability CVE-2025-2839 was detected. This vulnerability allows authenticated attackers with Contributor-level access or higher to inject arbitrary web scripts via the wpiePreviewData function, due to insufficient input sanitization and output escaping. To address this issue, users should upgrade WP Import Export Lite plugin to versions 3.9.28 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2839.

 Read more CMS
21 Apr 2025 Communication and Collaboration
Mattermost: Authenticated Users Can View Member Info from Archived Channels

In Mattermost versions 10.5.x ≤ 10.5.1, 10.4.x ≤ 10.4.3 and 9.11.x ≤ 9.11.9 a medium severity vulnerability CVE-2025-2564 was detected. This vulnerability allows authenticated users to view members and member information of archived channels even when the ‘Allow users to view/update archived channels’ setting is disabled. To address this issue, users should upgrade Mattermost to versions 10.5.2, 10.4.4, 9.11.10 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2564.

 Read more Communication
21 Apr 2025 Data Management and Analytics
MySQL: High Privileged Attackers Can Cause DOS in MySQL Cluster

In MySQL Cluster versions 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0 a medium severity vulnerability CVE-2025-30710 was detected. This vulnerability allows high-privileged attackers with network access via multiple protocols to compromise MySQL Cluster, potentially causing a hang or repeatable crash (complete DOS). Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-30710.

 Read more Database
21 Apr 2025 Data Management and Analytics
MySQL: mysqldump Vulnerability Allows Unauthorized Data Access and Modification in MySQL Client

In Oracle MySQL Client versions 8.0.0 through 8.0.41, 8.4.0 through 8.4.4 and 9.0.0 through 9.2.0 a medium severity vulnerability CVE-2025-30722 was detected in the mysqldump component. This vulnerability allows low-privileged attackers with network access via multiple protocols to gain unauthorized access to critical data or modify data accessible to the MySQL Client. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-30722.

 Read more Database
21 Apr 2025 Business and Enterprise Solutions
WordPress: Authenticated Users Can Delete Arbitrary Files Leading to RCE in Download Manager Plugin

In Download Manager plugin for WordPress versions up to and including 3.3.12 a high severity vulnerability (CVE-2025-3404) was detected. This vulnerability allows authenticated attackers with Author-level access or higher to delete arbitrary files on the server via insufficient file path validation in the savePackage function, potentially leading to remote code execution if critical files like wp-config.php are removed. To address this issue, users should update Download Manager plugin to versions 3.3.13 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-3404.

 Read more CMS