In AnalyticsWP plugin for WordPress versions 2.0.0 and prior a high severity vulnerability CVE-2024-13321 was detected. This vulnerability allows unauthenticated attackers to perform SQL injection via the ‘custom_sql’ parameter due to insufficient authorization checks in the handle_get_stats() function, enabling them to append additional SQL queries and extract sensitive information from the database. To address this issue, users should upgrade AnalyticsWP plugin to versions 2.1.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13321.
Read more CMS
In GitLab EE versions 16.5 prior to 17.7.7, 17.8 prior to 17.8.5 and 17.9 prior to 17.9.2 a low severity vulnerability CVE-2024-7296 was detected. This vulnerability allows a user with custom permissions to approve pending membership requests beyond the maximum number of allowed users. To address this issue, users should upgrade GitLab EE to versions 17.7.7, 17.8.5 or 17.9.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-7296.
Read more Developer Tools
In GitLab EE versions 12.3 prior to 17.7.7, 17.8 prior to 17.8.5 and 17.9 prior to 17.9.2 a medium severity vulnerability CVE-2025-1257 was detected. This vulnerability allows attackers to cause a denial of service condition by manipulating specific API inputs. To address this issue, users should upgrade GitLab EE to versions 17.7.7, 17.8.5 or 17.9.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1257.
Read more Developer Tools
In SoundRise Music plugin for WordPress versions up to and including 1.6.11 a high vulnerability CVE-2025-2103 was detected. This vulnerability allows authenticated attackers with subscriber-level access and above to modify WordPress site options due to a missing capability check in the theironMusic_ajax() function, enabling them to change the default registration role to administrator and gain administrative access. To address this issue, users should upgrade SoundRise Music plugin to versions 1.7.1 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2103.
Read more CMS
In the Omnipress plugin for WordPress versions 1.5.4 and prior a medium severity vulnerability CVE-2024-13407 was detected. This vulnerability allows authenticated attackers with Contributor-level access and above to extract data from password-protected, private, or draft posts via the megamenu block. To address this issue, users should upgrade Omnipress plugin to the versions 1.5.5 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13407.
Read more CMS
In GitLab EE versions 12.3 before 17.7.7, 17.8 before 17.8.5 and 17.9 before 17.9.2 a medium severity vulnerability CVE-2025-1257 was detected. This vulnerability allows attackers to cause a denial of service condition by manipulating specific API inputs. To address this issue, users should upgrade GitLab EE to versions 17.7.7, 17.8.5 or 17.9.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1257.
Read more Developer Tools
In GitLab EE/CE versions 16.9 before 17.7.7, 17.8 before 17.8.5 and 17.9 before 17.9.2 a medium severity vulnerability CVE-2025-0652 was detected. This vulnerability allows unauthorized users to access confidential information intended for internal use only. To address this issue, users should upgrade to versions 17.7.7, 17.8.5 or 17.9.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0652.
Read more Developer Tools
In GitLab CE/EE versions before 17.7.7, 17.8 before 17.8.5 and 17.9 before 17.9.2 a medium severity vulnerability CVE-2024-13054 was detected. This vulnerability allows an attacker to cause a system reboot under certain conditions, leading to a denial of service. To address this issue, users should upgrade GitLab CE/EE to versions 17.7.7, 17.8.5 or 17.9.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13054.
Read more Developer Tools
In GitLab EE/CE versions from 11.5 before 17.7.7, 17.8 before 17.8.5 and 17.9 before 17.9.2 a medium severity vulnerability CVE-2024-12380 was detected. This vulnerability allows certain user inputs in repository mirroring settings to potentially expose sensitive authentication information. To address this issue, users should upgrade GitLab EE/CE to versions 17.7.7, 17.8.5 or 17.9.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12380.
Read more Developer Tools