In WooCommerce Wishlist versions before 1.8.8 a high severity vulnerability CVE-2024-13694 was detected. This vulnerability allows unauthenticated attackers to extract data from wishlists they should not have access to, due to missing validation on a user-controlled key in the download_pdf_file() function. To address this issue, users should upgrade to version 1.8.8 or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-13694.
Read more E-commerce
In Discourse versions 3.3.3 and prior on the `stable` branch and 3.4.0.beta3 and prior on the `beta` and `tests-passed` branches a medium severity vulnerability CVE-2025-22602 was detected. This vulnerability allows attackers to execute arbitrary JavaScript on users’ browsers by posting a malicious video placeholder HTML element. To address this issue, users should upgrade Discourse to version 3.3.4 on the `stable` branch or version 3.4.0.beta4 on the `beta` and `tests-passed` branches. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-22602.
Read more Communication
In Wazuh versions up to and including 4.9.0 a medium severity vulnerability CVE-2024-47770 was detected. This vulnerability allows attackers to see the Wazuh agent list without permission, which could expose important system information. To fix this issue, users should upgrade Wazuh to version 4.9.1. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-47770.
Read more Security
In Wazuh versions prior to 4.9.0 a high severity vulnerability CVE-2024-35177 was detected. This vulnerability allows attackers to gain full system access by placing malicious files in the Wazuh agent folder when installed in a non-default location. To fix this issue, users should upgrade Wazuh to version 4.9.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-35177.
Read more Security
In Sensei LMS WordPress plugin versions 4.24.3 and prior a medium severity vulnerability CVE-2025-0466 was detected. This vulnerability allows attackers to leak `sensei_email` and `sensei_message` information due to improper protection of some REST API routes. To address this issue, users should upgrade Sensei LMS plugin to version 4.24.4. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0466.
Read more CMS Business and Enterprise Solutions
In ShopSite plugin for WordPress versions 1.5.10 and prior a high severity vulnerability CVE-2024-13510 was detected. This vulnerability allows attackers to update settings and inject malicious web scripts via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link. To address this issue, users should upgrade ShopSite plugin to version 1.5.11. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13510.
Read more CMS Business and Enterprise Solutions
In Qi Addons For Elementor plugin for WordPress versions 1.8.7 and prior a medium severity vulnerability CVE-2024-13699 was detected. This vulnerability allows authenticated users with Contributor-level access and above to inject arbitrary web scripts via the ‘cursor’ parameter, leading to Stored Cross-Site Scripting (XSS) that executes whenever a user accesses an injected page. To address this issue, users should upgrade Qi Addons For Elementor plugin to version 1.8.8 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13699.
In Grafana versions prior to 11.5.0, 11.4.1, 11.3.3, 11.2.6, 11.1.11, 11.0.11 and 10.4.15 a medium severity vulnerability CVE-2024-11741 was detected. This vulnerability allows users with Viewer permissions to improperly access the Grafana Alerting VictorOps integration. To address this issue, users should upgrade Grafana to versions 11.5.0, 11.4.1, 11.3.3, 11.2.6, 11.1.11, 11.0.11 or 10.4.15. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-11741.
Read more Data Analytics
In Custom Related Posts plugin for WordPress versions 1.7.3 and prior a medium severity vulnerability CVE-2024-12825 was detected. This vulnerability allows attackers with Subscriber-level access and above to search posts and modify link/unlink relations due to missing capability checks on three AJAX actions. To address this issue, users should upgrade Custom Related Posts plugin to version 1.7.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12825.
Read more CMS Business and Enterprise Solutions