In WP Crowdfunding plugin for WordPress versions 2.1.13 and prior a medium severity vulnerability CVE-2025-1508 was detected. This vulnerability allows authenticated attackers with subscriber-level access and above to download all post content of a site when WooCommerce is installed, due to a missing capability check on the download_data action. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-1508.
Read more CMS
In SEO Tools plugin for WordPress versions 4.0.7 and prior a high severity vulnerability CVE-2024-13853 was detected. This vulnerability allows attackers to exploit a Reflected Cross-Site Scripting (XSS) flaw due to improper sanitization and escaping of a parameter, potentially targeting high-privilege users such as administrators. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13853.
Read more CMS Newsflash Business and Enterprise Solutions
In WP Login Control plugin for WordPress versions 2.0.0 and prior a high severity vulnerability CVE-2024-13836 was detected. This vulnerability allows attackers to exploit a Reflected Cross-Site Scripting (XSS) flaw due to improper sanitization and escaping of a parameter, potentially targeting high-privilege users such as administrators. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13836.
Read more CMS Newsflash Business and Enterprise Solutions
In XV Random Quotes plugin for WordPress versions 1.40 and prior a medium severity vulnerability CVE-2024-13580 was detected. This vulnerability allows attackers to exploit a Cross-Site Request Forgery (CSRF) flaw due to missing CSRF checks when updating plugin settings. This could enable an attacker to trick a logged-in admin into resetting the settings. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13580.
Read more CMS Newsflash Business and Enterprise Solutions
In ProductDyno plugin for WordPress versions 1.0.24 and prior a medium severity vulnerability CVE-2024-13413 was detected. This vulnerability allows attackers to exploit reflected Cross-Site Scripting (XSS) via the ‘res’ parameter due to insufficient input sanitization and output escaping, enabling unauthenticated attackers to inject arbitrary web scripts into pages that execute when a user is tricked into clicking on a link. To address this issue, users should upgrade ProductDyno plugin to version 1.0.25 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13413.
Read more CMS Newsflash Business and Enterprise Solutions
In MariaDB Server versions 10.4 through 10.5, 10.6 through 10.6, 10.7 through 10.11, 11.0 through 11.0 a medium severity vulnerability CVE-2023-52969 was detected. This vulnerability allows attackers to cause MariaDB to crash intermittently, potentially disrupting the database service without providing useful diagnostic information due to an empty backtrace log. This vulnerability remains unresolved at this time. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-52969.
Read more Newsflash
In MariaDB Server versions 10.4 before 10.4.33, 10.5 before 10.5.24, 10.6 before 10.6.17, 10.7 through 10.11before 10.11.7, 11.0 before 11.0.5, 11.1 before 11.1.4 a medium severity vulnerability CVE-2023-52968 was detected. This vulnerability allows attackers to cause MariaDB Server to crash by triggering an issue where derived tables are not properly prepared before certain operations are performed, potentially leading to service disruptions. This vulnerability remains unresolved at this time. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-52968.
Read more Newsflash
In MariaDB Server versions 10.10 through 10.11 and 11.0 through 11.4 a medium severity vulnerability CVE-2023-52971 was detected. This vulnerability allows attackers to crash the MariaDB server, potentially disrupting database operations and causing downtime. This vulnerability remains unresolved at this time. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-52971.
Read more Newsflash
In GitLab EE versions 17.7 prior to 17.7.6, 17.8 prior to 17.8.4, 17.9 prior to 17.9.1 a medium severity vulnerability CVE-2025-2045 was detected. This vulnerability allows attackers with limited permissions to access potentially sensitive project analytics data in GitLab EE, which they should not have access to, due to improper authorization. To fix this issue, users should upgrade GitLab EE to versions 17.7.6, 17.8.4, or 17.9.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-2045.
Read more Newsflash