A medium-severity vulnerability, CVE-2025-0365, was detected in the Jupiter X Core plugin for WordPress, versions 4.8.7 and prior. It allows attackers with Contributor-level access and above to read the contents of arbitrary files on the server via the inline SVG feature, potentially exposing sensitive information. To address this issue, users should upgrade the Jupiter X Core plugin to version 4.8.8 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0365.
A high-severity vulnerability, CVE-2024-13097, was detected in the WP Finance plugin for WordPress, versions 1.3.6 and prior. It allows attackers to execute malicious scripts via a Reflected Cross-Site Scripting (XSS) attack, potentially targeting high-privilege users such as admins. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13097.
A medium-severity vulnerability, CVE-2025-0939, was detected in the MagicForm plugin for WordPress, versions 1.6.2 and prior. Because capability checks are missing on AJAX actions, authenticated attackers with Subscriber-level access and above can delete or view logs, modify forms, or change plugin settings. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-0939.
A medium-severity vulnerability, CVE-2025-23216, was detected in Argo CD versions 2.13.4, 2.12.10 and 2.11.13. It allows attackers with write access to expose secret values in error messages and the diff view by syncing an invalid Kubernetes Secret, making them visible to any user with read access to Argo CD. To address this issue, users should upgrade Argo CD to version 2.13.4 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-23216.
A medium-severity vulnerability, CVE-2024-1211, was detected in GitLab CE/EE versions 10.6 up to 16.9.7, 16.10 up to 16.10.5, and 16.11 up to 16.11.2. It allows attackers to potentially exploit cross-site request forgery (CSRF) on GitLab instances configured to use JWT as an OmniAuth provider. To address this issue, users should upgrade GitLab CE/EE to versions 16.11.2, 16.10.5 or 16.9.7. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-1211.
A low-severity vulnerability, CVE-2023-6195, was detected in GitLab CE/EE versions 15.5 up to 16.9.7, 16.10 up to 16.10.5, and 16.11 up to 16.11.2. It allows attackers to exploit server-side request forgery (SSRF) by using a malicious URL in the markdown image value when importing a GitHub repository. To address this issue, users should upgrade GitLab CE/EE to versions 16.11.2, 16.10.5 or 16.9.7. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2023-6195.
A medium-severity vulnerability, CVE-2024-12415, was detected in The AI Infographic Maker plugin for WordPress, versions 4.9.0 and prior. It allows unauthenticated attackers to execute arbitrary shortcodes due to improper validation of values before running `do_shortcode`. To address this issue, users should upgrade The AI Infographic Maker plugin to version 5.0.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12415.
A medium-severity vulnerability, CVE-2024-13566, was detected in the WP DataTable plugin for WordPress, versions 0.2.6 and prior. It allows authenticated attackers with Contributor-level access and above to inject arbitrary web scripts via the ‘id’ parameter, leading to Stored Cross-Site Scripting. To address this issue, users should upgrade the WP DataTable plugin to version 0.2.7 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13566.
A medium-severity vulnerability, CVE-2024-8494, was detected in the Elementor Website Builder Pro plugin for WordPress, versions 3.25.10 and prior. It allows authenticated attackers with Contributor-level access and above to extract sensitive data, including the content of Private, Pending, and Draft Templates, via the `elementor-template` shortcode. To address this issue, users should upgrade the Elementor Website Builder Pro plugin to version 3.25.11 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-8494.